On Tue, 2011-09-06 at 20:04 +0200, Sigbjorn Lie wrote:
> Hi,
> I attempt a login with a user account that's being denied access to the 
> host via HBAC, I receive the following generic error message.
> Sep  6 20:02:03 ipa01 sshd[11592]: pam_sss(sshd:account): Access denied 
> for user username: 4 (System error)
> Would it be an idea to change this to advise that the user login was 
> denied due to HBAC rules? I see this is a bit confusing.

"System error" means that something went wrong with processing. It
defaults to DENY (to be safe), but it's actually an error.

What version of SSSD are you running on the client? We fixed a fair
number of HBAC bugs in the 1.5.13 release (which is currently in the
updates-testing repos for F14, F15 and F16).

Attachment: signature.asc
Description: This is a digitally signed message part

Freeipa-users mailing list

Reply via email to