F18 users unable to log in due to cached nsswitch.conf

Simo Sorce simo at redhat.com
Wed Oct 17 15:29:02 UTC 2012

On Wed, 2012-10-17 at 11:21 -0400, Simo Sorce wrote:
> On Wed, 2012-10-17 at 17:17 +0200, Stef Walter wrote:
> > In Fedora 17 and 18 we have a problem where remote users are unable to 
> > log in until the machine has been rebooted. This used to work 
> > previously. To fix this we probably need to:
> > 
> > Include 'sss' in /etc/nsswitch.conf by default and have the small 
> > sssd-client package (with just thepam, nss plugins) installed on all but 
> > minimal Fedora installs.
> > 
> > Is it too late to do this for Fedora 18? I'd jump in and provide the 
> > patches necessary. Sadly it's been hard to test a coherent system up 
> > until this point, so I thought this was a fluke of my test F18 systems 
> > until just the other day.
> > 
> > Cheers,
> > 
> > Stef
> I want to add, that having the 'sss' line in nsswitch.conf is completely
> harmless both if the libnss_sss plugin is not available (minimal) and if
> it is available but sssd is not.
> The library has been built to be resilient and not block or cause issues
> when the daemon is present. glibc also just ignores missing plugins.

and I meant 'missing' here ^^ of course ...

> So adding that line by default in nsswitch.conf should have no
> unintended consequences or bad failure modes.


Simo Sorce * Red Hat, Inc * New York

More information about the devel mailing list