Ubuntu
sssd package

root cannot login to system without password

Bug #1685131 reported by Thomas Lau
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
sssd (Ubuntu)
Fix Released
Undecided
Unassigned
Trusty
Won't Fix
Undecided
Unassigned
Xenial
Won't Fix
Undecided
Unassigned
Yakkety
Won't Fix
Undecided
Unassigned

Bug Description

similar issue:
https://pagure.io/SSSD/sssd/issue/3003

(Workaround suggested above don't work on Xenial)

dev3 detail:
 /var/log/auth.log - dev3 sshd[77]: error: AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys root failed, status 1

root@dev3:~# cat .k5login
<email address hidden>
root@dev3:~# cat /root/.k5login
<email address hidden>
root@dev3:~# sss_ssh_authorizedkeys user1
root@dev3:~# sss_ssh_authorizedkeys root
Error looking up public keys
root@dev3:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.2 LTS
Release: 16.04
Codename: xenial
root@dev3:~# sssd --version
1.13.4
root@dev3:~# cat /etc/nsswitch.conf
passwd: compat sss
group: compat sss
shadow: compat sss
gshadow: files

hosts: files dns
networks: files

protocols: db files
services: db files sss
ethers: db files
rpc: db files

netgroup: nis sss
sudoers: files sss

login from Mocha to dev3:

user1@mocha:~$ ssh <email address hidden>
<email address hidden>'s password:

(Ctrl+c)

user1@mocha:~$ ssh <email address hidden>
Welcome to Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-72-generic x86_64)
user1@dev3:/home/user1$

Revision history for this message
Thomas Lau (lkthomas-f) wrote :

I am using this backport and it's working:

https://launchpad.net/~imphil/+archive/ubuntu/sssd

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Hi Thomas thank you for your report and your help to make Ubuntu better.

I found the associated change at: https://pagure.io/SSSD/sssd/c/fcbcfa69f9291936f01f24b5fcb5a7672dca46f3

That fix is in version 1.14 which means that Ubuntu Zesty and later are already fixed.
Adding a bug task fro X/Y - not sure if it applies back to trusty. By the code alone I'd think it does, but one has to confirm with a Test.

Changed in sssd (Ubuntu):
status: New → Fix Released
Revision history for this message
Timo Aaltonen (tjaalton) wrote :

I've requested to add that commit to sssd-1-13 branch so that it'd be included in 1.13.5 which should be released sometime soonish

I don't think we need to backport it to trusty.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Yakkety has EOL'ed, and Xenial has entered the ESM (Extended Support) period. Therefore, I am marking both tasks as Won't Fix.

Changed in sssd (Ubuntu Yakkety):
status: New → Won't Fix
Changed in sssd (Ubuntu Xenial):
status: New → Won't Fix
Paride Legovini (paride)
Changed in sssd (Ubuntu Trusty):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.