group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1775636] Re: sss_ssh_authorizedkeys fails with: Error looking up public keys when client cert present in IPA

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Andreas Hasenack <andreas@xxxxxxxxxxxxx>
Date: Wed, 31 Jul 2019 20:21:12 -0000
Reply-to: Bug 1775636 <1775636@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Only xenial affected, adjusting bug tasks

** Also affects: sssd (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: sssd (Ubuntu Xenial)
       Status: New => Triaged

** Changed in: sssd (Ubuntu Xenial)
   Importance: Undecided => Low

** Changed in: sssd (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1775636

Title:
  sss_ssh_authorizedkeys fails with: Error looking up public keys when
  client cert present in IPA

Status in sssd package in Ubuntu:
  Fix Released
Status in sssd source package in Xenial:
  Triaged

Bug description:
  When trying to get the key for a person with also a client cert present in IPA the following error shows:
  ```
  (Thu Jun  7 14:37:11:920526 2018) [/usr/bin/sss_ssh_authorizedkeys] [main] (0x0020): sss_ssh_get_ent() failed (14): Bad address
  Error looking up public keys
  ```

  What is supposed to happen:
  return public key for user

  Version Information:
  Ubuntu 16.04.2 LTS

  Updated sssd-common and related tools to latest: libipa-hbac0 libsss-
  idmap0 python-libipa-hbac python-sss sssd sssd-ad sssd-ad-common sssd-
  common sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy

  so sssd is now at:
  ii  sssd-common                        1.13.4-1ubuntu1.10                         amd64        System Security Services Daemon -- common files

  This doesn't happen on Centos 7.5 (sssd-common-1.16.0-19.el7.x86_64)
  nor on ubuntu 14.04 (sssd-common==1.11.8-0ubuntu0.7)

  IPA server is on CentOS 7.5: ipa-server-4.5.4-10.el7.centos.x86_64

  From what I've seen upstream, it might be related to the fairly new
  handling of x509 certificates with ssh certificates in them.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1775636/+subscriptions