On Sun, Dec 11, 2011 at 11:49:46PM +0100, Sigbjorn Lie wrote:
> On the other hand, even though looking up users, groups and
> netgroups seem fine, I cannot log in. Neither at the console, su, or
> ssh. Was there an issue with HBAC rules in SSSD 1.5.13 ?
> Dec 11 21:13:32 mint12 su[6769]: pam_sss(su:account): Access denied
> for user test: 6 (Permission denied)
> Rgds,
> Siggi

Yes, there was a number of HBAC-related fixes since 1.5.13. The
following commits touched files in src/providers/ipa/ipa_hbac*.[ch]:

* Add a missing break (9077c3ebec92454d8ed949491c4ca89ed6cdf75a)
* Do not access memory out of bounds
* HBAC: fix typos preventing proper hostgroup evaluation
* HBAC: Do not save member/memberOf links
* HBAC: Use originalMember for identifying servicegroups
* HBAC: Use originalMember for identifying hostgroups

Obviously, the Ubuntu package might have backported some of these into
their 1.5.13 distribution package. The list was taken from upstream 1.5

Freeipa-users mailing list

Reply via email to