If this line is in /etc/nsswitch.conf:

passwd: files sss

Why would the user account from IPA get used when an identical one exists in /etc/passwd? We can tell because of some additional groups granted when authentication comes from IPA.

If I shut down sssd, then login proceeds through /etc/passwd as expected, but as soon as I restart sssd, this behavior starts again. It's almost as if nsswitch.conf is being ignored or read right-to-left.

Just another oddity I uncovered on one system as I was troubleshooting a particularly long "ssh localhost" and trying to rule things out.


--
*Bret Wortman*

http://damascusgrp.com/
http://about.me/wortmanbret

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to