Changing the default of ldap_tls_reqcert to anything but 'demand' is a security vulnerability. Period.
Setting it to "allow" means that certificates for which you do not have complete trust (i.e. self-signed or malicious certificates) are blindly allowed to be used for the encrypted communication. This means that you are highly vulnerable to a man-in-the-middle attack which could steal passwords and user data. I agree with Jakub. It looks to me like the issue is not in SSSD itself but in one of its dependencies. I'd still prefer to see a complete backtrace, though. I wish we had a complete core or 'bt full' to look at. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/957003 Title: sssd_be crashed with SIGABRT To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/957003/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
