F18 users unable to log in due to cached nsswitch.conf

Stef Walter stefw at redhat.com
Wed Oct 17 15:17:55 UTC 2012


In Fedora 17 and 18 we have a problem where remote users are unable to 
log in until the machine has been rebooted. This used to work 
previously. To fix this we probably need to:

Include 'sss' in /etc/nsswitch.conf by default and have the small 
sssd-client package (with just the pam, nss plugins) installed on all but 
minimal Fedora installs.

Is it too late to do this for Fedora 18? I'd jump in and provide the 
patches necessary. Sadly it's been hard to test a coherent system up 
until this point, so I thought this was a fluke of my test F18 systems 
until just the other day.

Cheers,

Stef



DETAILS:

This happens after configuration using authconfig to change 
/etc/nsswitch.conf (or doing it manually). The changes are not picked up 
by long running processes like dbus-daemon --system. As far as I can see 
dbus-daemon then refuses to allow connections from these users. As might 
be expected, gnome-shell crashes hard when this happens.

There are some other ways to fix this problem, but these do not scale to 
fix the problem for every possible affected process:

http://sourceware.org/bugzilla/show_bug.cgi?id=12459

Below I have a rough test for duplicating the problem.


TEST CASE:

* This should be ideally run on a freshly installed system or at
   least a system without sss in /etc/nsswitch.conf since last boot.

$ grep sss /etc/nsswitch.conf && echo "ALREADY HAVE sss"
$ sudo -s
# yum install sssd-tools pamtester
# test -f /etc/sssd/sssd.conf && mv /etc/sssd/sssd.conf /etc/sssd/sssd.conf.bak
# echo -e "[sssd]\ndomains=local\nconfig_file_version=2\nservices=nss,pam\n[domain/local]\nid_provider=local" > /etc/sssd/sssd.conf
# chmod 0600 /etc/sssd/sssd.conf
# systemctl start sssd.service
# authconfig --update --enablesssd --enablesssdauth
# sss_useradd --uid=2121 --gecos=Zapp zapp
# passwd zapp # set password for zapp
# pamtester zapp authenticate   # type password, should succeed

* Now go to gdm by logging out or switch user.
* Try to log in as zapp.
* Hang.
* Reboot
* Try to log in as zapp.
* Success


TRACKER BUG: https://bugzilla.redhat.com/show_bug.cgi?id=867473


Cheers,

Stef
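
The post above describes long-running processes such as dbus-daemon not picking up changes to /etc/nsswitch.conf. The following is an added example, not part of the original message: a shell check that lists processes started before the file was last modified. The function names and the sample data are constructed for illustration, and it assumes procps-ng `ps` (for `etimes`) and GNU `stat`.

```shell
#!/bin/sh
# Added example: find processes older than the last change to the NSS config.
# Such processes may still be using the lookup order they read at startup.

# filter_stale CONF_MTIME
# stdin: "pid start_epoch command" lines. Prints "pid command" for every
# process whose start time is earlier than CONF_MTIME (epoch seconds).
filter_stale() {
    awk -v mtime="$1" '$2 < mtime {
        pid = $1; $1 = $2 = ""; sub(/^ +/, ""); print pid, $0
    }'
}

# live_procs: emit "pid start_epoch command" for every running process.
# Assumption: procps-ng ps, where etimes is seconds elapsed since start.
live_procs() {
    now=$(date +%s)
    ps -e -o pid= -o etimes= -o comm= |
        awk -v now="$now" '{
            pid = $1; start = now - $2; $1 = $2 = ""; sub(/^ +/, "")
            print pid, start, $0
        }'
}

# stale_nss_procs [CONF]: live processes that predate the last edit of CONF.
stale_nss_procs() {
    conf=${1:-/etc/nsswitch.conf}
    mtime=$(stat -c %Y "$conf") || return 1   # GNU stat: mtime in epoch seconds
    live_procs | filter_stale "$mtime"
}

# Constructed sample: config edited at t=1000; two daemons started before it.
sample_procs() {
    cat <<'EOF'
612 900 dbus-daemon
701 950 gdm
1450 1200 sssd
1502 1300 bash
EOF
}

# Pass --live to check the running system; otherwise only define functions.
if [ "${1:-}" = "--live" ]; then
    stale_nss_procs /etc/nsswitch.conf
fi
```

A process listed here is only a candidate: it is affected if it had already done a name-service lookup before the file changed.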

