On Tue, 2011-09-06 at 20:04 +0200, Sigbjorn Lie wrote: > Hi, > > I attempt a login with a user account that's being denied access to the > host via HBAC, I receive the following generic error message. > > Sep 6 20:02:03 ipa01 sshd: pam_sss(sshd:account): Access denied > for user username: 4 (System error) > > > Would it be an idea to change this to advise that the user login was > denied due to HBAC rules? I see this is a bit confusing.
"System error" means that something went wrong with processing. It defaults to DENY (to be safe), but it's actually an error. What version of SSSD are you running on the client? We fixed a fair number of HBAC bugs in the 1.5.13 release (which is currently in the updates-testing repos for F14, F15 and F16).
Description: This is a digitally signed message part
_______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users