URL: https://github.com/SSSD/sssd/pull/703 Title: #703: nss: sssd returns '/' for emtpy home directories
jhrozek commented: """ > On Tue, 2018-12-04 at 04:51 -0800, Jakub Hrozek wrote: Thanks, this passes > the test. And of course the patch is correct, but after some more testing, I > wonder if we should at least for one release default to > fallback_homedir=$something at least for the AD provider. Because now with > the completely minimal AD provider configuration (no POSIX attrs, ID mapping > only) I can't log in with an AD user: ``` $ getent passwd ***@***.*** > ***@***.***:*:215000500:215000513:Administrator::/bi n/bash $ su - > ***@***.*** su: user ***@***.*** does not exist ``` Note that this is minimal > config, realmd already adds fallback_homedir. > Why this fails? Because of the missing homedir ? Yes, su checks the homedir: ``` »·······su->pwd = xgetpwnam(su->new_user, &su->pwdbuf); »·······if (!su->pwd »······· || !su->pwd->pw_passwd »······· || !su->pwd->pw_name || !*su->pwd->pw_name »······· || !su->pwd->pw_dir || !*su->pwd->pw_dir) »·······»·······errx(EXIT_FAILURE, _("user %s does not exist"), su->new_user) ``` ssh is more permissive and places you at `/` > Or at least we should IMO add some backwards compatible handling when this > patch makes it to fedora or RHEL otherwise admins might not be happy. From > purely upstream point of view this change is probably OK with me. > I think the AD provider should synthetize an home dir by default, without any > specific option being set, it's what is considered normal also in winbind > land, in fact I would look closely at what winbind does and do the same for > AD users by default. If fallback_homedir is set, skip the default and use > what that setting specifies. Then why not set a default value for fallback homedir? :-) """ See the full comment at https://github.com/SSSD/sssd/pull/703#issuecomment-444106317
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org