If this line is in /etc/nsswitch.conf:

passwd: files sss

Why would the user account from IPA get used when an identical one exists in /etc/passwd? We can tell because of some additional groups granted when authentication comes from IPA.

If I shut down sssd, then login proceeds through /etc/passwd as expected, but as soon as I restart sssd, this behavior starts again. It's almost as if nsswitch.conf is being ignored or read right-to-left.

Just another oddity I uncovered on one system as I was troubleshooting a particularly long "ssh localhost" and trying to rule things out.

*Bret Wortman*


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Freeipa-users mailing list

Reply via email to