In Fedora 17 and 18 we have a problem where remote users are unable to log in until the machine has been rebooted. This used to work previously. To fix this we probably need to:

Include 'sss' in /etc/nsswitch.conf by default and have the small sssd-client package (with just the pam, nss plugins) installed on all but minimal Fedora installs.

Is it too late to do this for Fedora 18? I'd jump in and provide the patches necessary. Sadly it's been hard to test a coherent system up until this point, so I thought this was a fluke of my test F18 systems until just the other day.

Cheers,

Stef



DETAILS:

This happens after configuration using authconfig to change /etc/nsswitch.conf (or doing it manually). The changes are not picked up by long-running processes like dbus-daemon --system. As far as I can see, dbus-daemon then refuses to allow connections from these users. As might be expected, gnome-shell crashes hard when this happens.

There are some other ways to fix this problem, but these do not scale to fix the problem for every possible affected process:

http://sourceware.org/bugzilla/show_bug.cgi?id=12459

Below I have a rough test for duplicating the problem.


TEST CASE:

* This should be ideally run on a freshly installed system or at
  least a system without sss in /etc/nsswitch.conf since last boot.

$ grep sss /etc/nsswitch.conf && echo "ALREADY HAVE sss"
$ sudo -s
# yum install sssd-tools pamtester
# test -f /etc/sssd/sssd.conf && mv /etc/sssd/sssd.conf /etc/sssd/sssd.conf.bak
# echo -e "[sssd]\ndomains=local\nconfig_file_version=2\nservices=nss,pam\n[domain/local]\nid_provider=local" > /etc/sssd/sssd.conf
# chmod 0600 /etc/sssd/sssd.conf
# systemctl start sssd.service
# authconfig --update --enablesssd --enablesssdauth
# sss_useradd --uid=2121 --gecos=Zapp zapp
# passwd zapp # set password for zapp
# pamtester zapp authenticate   # type password, should succeed

* Now go to gdm by logging out or switch user.
* Try to log in as zapp.
* Hang.
* Reboot
* Try to log in as zapp.
* Success


TRACKER BUG: https://bugzilla.redhat.com/show_bug.cgi?id=867473


Cheers,

Stef
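
A diagnostic for the behaviour described under DETAILS, added here as an example and not part of the original message: it lists processes that started before /etc/nsswitch.conf was last modified and so may still be running with the NSS configuration they read at startup. The function names, the optional PROCROOT argument and the sample /proc tree are assumptions made for illustration; it relies on Linux /proc and GNU stat and touch.

```bash
#!/usr/bin/env bash
# Added example (not from the original message).
# Print "PID<TAB>COMM" for every process whose start time is earlier than the
# last modification of an NSS config file. These are candidates only: a process
# that has not yet performed an NSS lookup will read the new file on first use.
# Usage: stale_nss_procs [CONF] [PROCROOT]   (PROCROOT is a hypothetical
# parameter so the check can run against a constructed tree)
stale_nss_procs() {
    local conf=${1:-/etc/nsswitch.conf} proc=${2:-/proc}
    local mtime btime hz f line pid comm rest start
    mtime=$(stat -c %Y "$conf") || return 1
    btime=$(awk '$1 == "btime" { print $2 }' "$proc/stat") || return 1
    [ -n "$btime" ] || return 1
    hz=$(getconf CLK_TCK 2>/dev/null || echo 100)

    for f in "$proc"/[0-9]*/stat; do
        [ -r "$f" ] || continue
        read -r line < "$f" || continue      # process may exit mid-scan
        pid=${line%% *}
        comm=${line#*(}; comm=${comm%)*}     # comm may contain spaces or ')'
        rest=${line##*) }                    # fields from 'state' (field 3) on
        set -- $rest
        [ $# -ge 20 ] || continue
        start=$(( btime + ${20} / hz ))      # field 22: start time in ticks
        if [ "$start" -lt "$mtime" ]; then
            printf '%s\t%s\n' "$pid" "$comm"
        fi
    done
}

# Constructed sample: a fake /proc booted at epoch 1000000000 with two
# processes, and a config file last modified at epoch 1500000000.
demo_constructed() {
    local d fields='S 1 1 1 0 -1 0 0 0 0 0 0 0 0 0 20 0 1 0'
    d=$(mktemp -d) || return 1
    mkdir -p "$d/proc/100" "$d/proc/200"
    echo 'btime 1000000000' > "$d/proc/stat"
    echo "100 (dbus-daemon) $fields 0" > "$d/proc/100/stat"              # started at boot
    echo "200 (gnome-shell) $fields 1000000000000" > "$d/proc/200/stat"  # started after the edit
    touch -d @1500000000 "$d/nsswitch.conf"
    stale_nss_procs "$d/nsswitch.conf" "$d/proc"
    rm -rf "$d"
}
```

Source the file and run `stale_nss_procs` as root after changing /etc/nsswitch.conf; any listed daemon that performs user lookups is a candidate for a restart.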