I also found this bug on a FAI installed machine. It makes the SSSD daemon 
behave weirdly:

* suddenly missing user names (whoami giving errors)
* inconsistent uid <-> username mapping (spuriously)
* spurious login failures

Following are typical error messages in /var/log/auth.log:


pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=testhost.example.com user=test-user
...
pam_sss(sshd:setcred): Request to sssd failed. Public socket has wrong ownership or permissions

It was very difficult to find the actual bug, namely default ACLs on 
/var/lib/sss.

Unsetting the default ACL via

        setfacl --remove-default -R /var/lib/sss

fixes the problem after restarting SSSD.

Kind regards,
Markus
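
A check for the condition reported above, as an added example that is not part of the original message: the function filters `getfacl -R -p` output down to the paths that carry default ACL entries, which are the directories the `setfacl --remove-default` call would change. The sample output, the `admins` group and the sub-paths under /var/lib/sss are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).
# Reads `getfacl -R -p <dir>` output on stdin and prints each path that
# has at least one "default:" ACL entry, one path per line.
paths_with_default_acl() {
    awk '
        # "# file: " is 8 characters, so the path starts at column 9.
        /^# file: / { path = substr($0, 9); seen = 0; next }
        /^default:/ { if (!seen) { print path; seen = 1 } }
    '
}

# Constructed sample of getfacl output (not captured from a real system).
sample_getfacl_output() {
    cat <<'EOF'
# file: /var/lib/sss
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:admins:rwx
default:mask::rwx
default:other::r-x

# file: /var/lib/sss/pipes
# owner: root
# group: root
user::rwx
group::r-x
group:admins:rwx
mask::rwx
other::r-x
default:user::rwx
default:group:admins:rwx
default:mask::rwx
default:other::r-x

# file: /var/lib/sss/pipes/nss
# owner: root
# group: root
user::rw-
group:admins:rwx
mask::rw-
other::rw-
EOF
}
# Live check as root (assumes getfacl from the acl package is installed):
#   getfacl -R -p /var/lib/sss 2>/dev/null | paths_with_default_acl
```

Empty output from the live check means no default ACLs remain under the directory.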


        
