Am Mon, Jun 24, 2024 at 08:23:54AM +0000 schrieb Grzegorz Sobański: > Hi, > Thanks for working on this. > Could you please share a source diff for this change? We can’t use this > private build - we will need to build it ourselves.
Hi, please check https://github.com/sumit-bose/sssd/commit/464a7ec2793a82c83330cb3a10b114d1cafaf0ba HTH bye, Sumit > > Regards, > > Grzegorz > www.payu.com<http://www.payu.com/> > > > From: Sumit Bose <sb...@redhat.com> > Date: Friday, 21 June 2024 at 16:18 > To: End-user discussions about the System Security Services Daemon > <sssd-users@lists.fedorahosted.org> > Subject: External : [SSSD-users] Re: 2FA is being enforced after upgrading > 2.9.1->2.9.4 > Attention: This email originated outside trusted domains. > > > Am Fri, Jun 21, 2024 at 11:47:54AM +0000 schrieb Grzegorz Sobański: > > > Am Tue, Jun 18, 2024 at 10:14:29AM +0000 schrieb Grzegorz Sobański: > > > > Hi, > > > > after updating Rocky Linux from 9.3 to 9.4 sssd started to enforce 2FA > > > > for our sudo configuration, while before it was optional, and we can’t > > > > find why did it change. > > > > We downgraded sssd packages from 2.9.4 to 2.9.1 and 2FA went back to > > > > being optional, so we are sure it’s because sssd version change from > > > > 2.9.1->2.9.4, all other configuration is the same. > > > > > > > > I looked through changelogs and skimmed through the list of commits, > > > > but I couldn’t find anything obvious that should change this. Has > > > > anyone seen something similar? Do you know if it’s a result of an > > > > intended change or some side-effect of other changes? Or a bug? > > > > > > > > We are using IPA as Kerberos provider, users do have OTP set up. > > > > Up to 2.9.1 sudoing worked either with only password or password+otp. > > > > On 2.9.4 (and 2.9.5) sudoing is not working with only password, both > > > > password+otp are required. > > > > > > Hi, > > > > > > this might be related to > > > https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FSSSD%2Fsssd%2Fissues%2F7152but&data=05%7C02%7Cgrzegorz.sobanski%40payu.com%7C49e503af8f9d42ff594008dc91fd054f%7C674203d44c704e82b36bec018d680a26%7C1%7C1%7C638545763106428680%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=s5I%2FbSkEg9Qd8C51y7TVUDPgs9itKPCSzCsP6BCmbvY%3D&reserved=0<https://github.com/SSSD/sssd/issues/7152but> > > > this should be fixed in 2.9.5. Would it be possible to send full debug > > > logs for sssd-2.9.5 with `debug_level = 9` at least in the [domain/...] > > > section of sssd.conf covering a failed login attempt? > > > > Hi, > > I attach full debug logs with level 9 from sssd 2.9.5. > > Hi, > > thanks for the logs, please find a test build which should fix the issue > at > https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsbose.fedorapeople.org%2Fotp_password%2Fsssd-2.9.4-6.el9_4.1sb1.tar.gz&data=05%7C02%7Cgrzegorz.sobanski%40payu.com%7C49e503af8f9d42ff594008dc91fd054f%7C674203d44c704e82b36bec018d680a26%7C1%7C1%7C638545763106439313%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=KC5k8HALKVWVf7hsEcUZsuhRSkgQJxXyV0C%2BgbnOkFQ%3D&reserved=0<https://sbose.fedorapeople.org/otp_password/sssd-2.9.4-6.el9_4.1sb1.tar.gz>. > Please let me know if it works for you or not. > > If you don't mind it would be nice if you can open a ticket for this > issue at > https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FSSSD%2Fsssd%2Fissues%2Fnew&data=05%7C02%7Cgrzegorz.sobanski%40payu.com%7C49e503af8f9d42ff594008dc91fd054f%7C674203d44c704e82b36bec018d680a26%7C1%7C1%7C638545763106445800%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=6OoGSvFphda4nKzwwibj8sOgXeoZoqQjxot7QmjPr%2F8%3D&reserved=0<https://github.com/SSSD/sssd/issues/new>. > > Thanks. > > bye, > Sumit > > > > > Bye, > > Grzegorz > > > > > -- > > _______________________________________________ > > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > > Fedora Code of Conduct: > > https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=05%7C02%7Cgrzegorz.sobanski%40payu.com%7C49e503af8f9d42ff594008dc91fd054f%7C674203d44c704e82b36bec018d680a26%7C1%7C1%7C638545763106451504%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=mLizMMH3K5d%2BeyisWiFfvloCWeue5OX%2BgET6y0qbwho%3D&reserved=0<https://docs.fedoraproject.org/en-US/project/code-of-conduct/> > > List Guidelines: > > https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines&data=05%7C02%7Cgrzegorz.sobanski%40payu.com%7C49e503af8f9d42ff594008dc91fd054f%7C674203d44c704e82b36bec018d680a26%7C1%7C1%7C638545763106456251%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=MeiVkmAke2%2Ffb2oz%2F10ne%2BosK4KPd%2Bhf3F5iW%2B6naiQ%3D&reserved=0<https://fedoraproject.org/wiki/Mailing_list_guidelines> > > List Archives: > > https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahosted.org&data=05%7C02%7Cgrzegorz.sobanski%40payu.com%7C49e503af8f9d42ff594008dc91fd054f%7C674203d44c704e82b36bec018d680a26%7C1%7C1%7C638545763106460843%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=9rQyI3ojU9v8oc7nidjwX858zDeu%2F0TZmYFoSJIhxjA%3D&reserved=0<https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org> > > Do not reply to spam, report it: > > https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpagure.io%2Ffedora-infrastructure%2Fnew_issue&data=05%7C02%7Cgrzegorz.sobanski%40payu.com%7C49e503af8f9d42ff594008dc91fd054f%7C674203d44c704e82b36bec018d680a26%7C1%7C1%7C638545763106465039%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=cZygUhEXj%2B72qxN%2FYvWvFTFyh5w4zttsnd5oLmJhq%2Fg%3D&reserved=0<https://pagure.io/fedora-infrastructure/new_issue> > -- > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedoraproject.org%2Fen-US%2Fproject%2Fcode-of-conduct%2F&data=05%7C02%7Cgrzegorz.sobanski%40payu.com%7C49e503af8f9d42ff594008dc91fd054f%7C674203d44c704e82b36bec018d680a26%7C1%7C1%7C638545763106469028%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=qBIC1QxW1JJXbrJwO5ot9zuRygkAJ1bhR778E31kiy8%3D&reserved=0<https://docs.fedoraproject.org/en-US/project/code-of-conduct/> > List Guidelines: > https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedoraproject.org%2Fwiki%2FMailing_list_guidelines&data=05%7C02%7Cgrzegorz.sobanski%40payu.com%7C49e503af8f9d42ff594008dc91fd054f%7C674203d44c704e82b36bec018d680a26%7C1%7C1%7C638545763106473154%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=W8F%2F4Ib8fZG49ot2CsjoEGlhia0CZ%2BdEtmno2IjQ9p0%3D&reserved=0<https://fedoraproject.org/wiki/Mailing_list_guidelines> > List Archives: > https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fedorahosted.org%2Farchives%2Flist%2Fsssd-users%40lists.fedorahosted.org&data=05%7C02%7Cgrzegorz.sobanski%40payu.com%7C49e503af8f9d42ff594008dc91fd054f%7C674203d44c704e82b36bec018d680a26%7C1%7C1%7C638545763106477080%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=kD8So0NjBG2dFOrC2P7hi9Zp39eBInBu316WuUAEMo4%3D&reserved=0<https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org> > Do not reply to spam, report it: > https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpagure.io%2Ffedora-infrastructure%2Fnew_issue&data=05%7C02%7Cgrzegorz.sobanski%40payu.com%7C49e503af8f9d42ff594008dc91fd054f%7C674203d44c704e82b36bec018d680a26%7C1%7C1%7C638545763106481123%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=3VHT7xwXEgXSpmiWBg2OL25GAZ323VatPykgyewA3dE%3D&reserved=0<https://pagure.io/fedora-infrastructure/new_issue> > -- > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue -- _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
