You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description of problem:
HBAC rules configured on a FreeIPA server can be set up to limit access to particular hosts or groups of hosts. There is a bug in SSSD that fails to properly process host-groups. The effect of this is that users cannot log into the machine unless it is specified explicitly (instead of as a member of a hostgroup) in the rule.
Version-Release number of selected component (if applicable):
sssd-1.5.1-52.el6
How reproducible:
Every time
Steps to Reproduce:
1. On the FreeIPA server, create a hostgroup and add a host to it.
2. Create an HBAC rule that allows access based on the hostgroup above (set all other features of the rule to the ALL hostcat for easy testing.
3. Disable all other rules (so only this one is active).
4. On the client host, attempt to log in with a valid FreeIPA user.
Actual results:
The user is denied.
Expected results:
The user is granted access.
Additional info:
{{{
Description of problem:
HBAC rules configured on a FreeIPA server can be set up to limit access to particular hosts or groups of hosts. There is a bug in SSSD that fails to properly process host-groups. The effect of this is that users cannot log into the machine unless it is specified explicitly (instead of as a member of a hostgroup) in the rule.
Version-Release number of selected component (if applicable):
sssd-1.5.1-52.el6
How reproducible:
Every time
Steps to Reproduce:
On the FreeIPA server, create a hostgroup and add a host to it.
Create an HBAC rule that allows access based on the hostgroup above (set all other features of the rule to the ALL hostcat for easy testing.
Disable all other rules (so only this one is active).
On the client host, attempt to log in with a valid FreeIPA user.
{{{
Description of problem:
HBAC rules configured on a FreeIPA server can be set up to limit access to particular hosts or groups of hosts. There is a bug in SSSD that fails to properly process host-groups. The effect of this is that users cannot log into the machine unless it is specified explicitly (instead of as a member of a hostgroup) in the rule.
Version-Release number of selected component (if applicable):
sssd-1.5.1-52.el6
How reproducible:
Every time
Steps to Reproduce:
On the FreeIPA server, create a hostgroup and add a host to it.
Create an HBAC rule that allows access based on the hostgroup above (set all other features of the rule to the ALL hostcat for easy testing.
Disable all other rules (so only this one is active).
On the client host, attempt to log in with a valid FreeIPA user.
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/1018
https://bugzilla.redhat.com/show_bug.cgi?id=741751
Comments
Comment from sgallagh at 2011-09-30 14:01:28
Fixed by:
- 3b6d344 (master)
- 45e8217 (sssd-1-6)
- 28a9f96 (sssd-1-5)
coverity: =>
description: https://bugzilla.redhat.com/show_bug.cgi?id=741751
{{{
Description of problem:
HBAC rules configured on a FreeIPA server can be set up to limit access to particular hosts or groups of hosts. There is a bug in SSSD that fails to properly process host-groups. The effect of this is that users cannot log into the machine unless it is specified explicitly (instead of as a member of a hostgroup) in the rule.
Version-Release number of selected component (if applicable):
sssd-1.5.1-52.el6
How reproducible:
Every time
Steps to Reproduce:
Actual results:
The user is denied.
Expected results:
The user is granted access.
Additional info:
}}}
=> https://bugzilla.redhat.com/show_bug.cgi?id=741751
{{{
Description of problem:
HBAC rules configured on a FreeIPA server can be set up to limit access to particular hosts or groups of hosts. There is a bug in SSSD that fails to properly process host-groups. The effect of this is that users cannot log into the machine unless it is specified explicitly (instead of as a member of a hostgroup) in the rule.
Version-Release number of selected component (if applicable):
sssd-1.5.1-52.el6
How reproducible:
Every time
Steps to Reproduce:
Actual results:
The user is denied.
Expected results:
The user is granted access.
Additional info:
}}}
patch: => 1
resolution: => fixed
rhbz: =>
status: new => closed
tests: => 0
testsupdated: => 0
upgrade: => 0
Comment from mkosek at 2011-12-16 16:02:53
Fields changed
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=741751 741751]
Comment from sgallagh at 2017-02-24 14:26:53
Metadata Update from @sgallagh:
The text was updated successfully, but these errors were encountered: