If this line is in /etc/nsswitch.conf:

    passwd: files sss

Why would the user account from IPA get used when an identical one exists in /etc/passwd? We can tell because of some additional groups granted when authentication comes from IPA.
If I shut down sssd, then login proceeds through /etc/passwd as expected, but as soon as I restart sssd, this behavior starts again. It's almost as if nsswitch.conf is being ignored or read right-to-left.
Just another oddity I uncovered on one system as I was troubleshooting a particularly long "ssh localhost" and trying to rule things out.
-- *Bret Wortman* http://damascusgrp.com/ http://about.me/wortmanbret