New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sssd_pam segfaults during password-based SSH-login #7061
Comments
Hi,
'rpm -q sssd' output and coredump would be great. |
I scrubbed sensitive data from the log above, but it will probably be fully readable in the coredump. How can I make it available in a secure way? |
Hi, You can try adding
You can email our sssd developer team list sssd-maint@redhat.com (or me directly at jstephen@redhat.com) if it's okay for you. |
@justin-stephenson Thanks for the tip about |
In the AD case, the user altSecurityIdentities attribute can store passkey, smartcard, of ssh public key mapping data. Check to ensure we are handling passkey data before continuing in PAM passkey processing. Resolves: SSSD#7061
The fix looks good to me; logins went back to normal. Thank you for the quick work on this! |
In the AD case, the user altSecurityIdentities attribute can store passkey, smartcard, or ssh public key mapping data. Check to ensure we are handling passkey data before continuing in PAM passkey processing. Resolves: SSSD#7061
In the AD case, the user altSecurityIdentities attribute can store passkey, smartcard, or ssh public key mapping data. Check to ensure we are handling passkey data before continuing in PAM passkey processing. Resolves: SSSD#7061
In the AD case, the user altSecurityIdentities attribute can store passkey, smartcard, or ssh public key mapping data. Check to ensure we are handling passkey data before continuing in PAM passkey processing. Resolves: SSSD#7061
In the AD case, the user altSecurityIdentities attribute can store passkey, smartcard, or ssh public key mapping data. Check to ensure we are handling passkey data before continuing in PAM passkey processing. :relnote: PAM passkey processing now correctly checks for and skips handling any non-passkey data. Resolves: SSSD#7061
In the AD case, the user altSecurityIdentities attribute can store passkey, smartcard, or ssh public key mapping data. Check to ensure we are handling passkey data before continuing in PAM passkey processing. :relnote: Fixes a crash when PAM passkey processing incorrectly handles non-passkey data. Resolves: SSSD#7061
In the AD case, the user altSecurityIdentities attribute can store passkey, smartcard, or ssh public key mapping data. Check to ensure we are handling passkey data before continuing in PAM passkey processing. :relnote: Fixes a crash when PAM passkey processing incorrectly handles non-passkey data. Resolves: SSSD#7061
In the AD case, the user altSecurityIdentities attribute can store passkey, smartcard, or ssh public key mapping data. Check to ensure we are handling passkey data before continuing in PAM passkey processing. :relnote: Fixes a crash when PAM passkey processing incorrectly handles non-passkey data. Resolves: #7061 Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 6ed1eff)
Immediately after upgrading a server from Fedora 38 to 39 SSH started rejecting password-authenticated connection attempts with "Permission denied". Luckily it was still possible to log in with a Kerberos ticket and I discovered that
sssd_pam
was crashing:Relevant section from the journal:
Also, while trying to understand what's wrong I tried logging in from a local account into an AD-backed one, and instead of being asked for a password I'm getting this message that I've never seen before:
Communication with AD seems to be fine, at least things like
getent passwd $USERNAME
behave as expected and I can get a ticket withkinit
. Both cases (the stack trace and the login message) refer to passkeys, although nothing related to them was ever configured on the server or is desired at the moment. I also manually removedsssd-passkey
which seems to have been installed during the upgrade to F39, but with no effect.sssd.conf.txt
sssd_pam.log
What other logs should I provide?
The text was updated successfully, but these errors were encountered: