It's just that /var/lib/sss/db is not cleared between subsequent server installs and uninstall, and that seems to be creating problems on the server since the server is also a client. If you do install-uninstall-install on the server with the same domain name for both the installs, you cannot authenticate using sssd after the second install. A simple command like 'ssh admin@localhost' on the server gives permission denied. I don't know if this is a regression, but it would help if someone could reproduce this error.
On Thu, Mar 19, 2015 at 4:19 PM, Jakub Hrozek <[email protected]> wrote: > > > On 19 Mar 2015, at 20:09, Prasun Gera <[email protected]> wrote: > > > > I thought a bit more about the issue of conflicts in /var/lib/sss/db, > and I think it's a pretty significant problem, probably from a security > standpoint too. The fact that it's trying to authenticate against something > stale and incorrect would imply that it might erroneously authenticate > against something it should not. Also, this problem would lock out all > clients and be a nightmare to deal with if the master server needs to be > replaced/migrated. > > > > I'm sorry to come late into this thread, but from the subject it wasn't > clear it's also about SSSD. > > Can you describe the problem better? How did you manage to create > conflicts in sssd database? > > > On Thu, Mar 19, 2015 at 11:57 AM, Nalin Dahyabhai <[email protected]> > wrote: > > On Wed, Mar 18, 2015 at 05:55:52PM -0400, Rob Crittenden wrote: > > > > getcert status > > > > process 31282: arguments to dbus_message_new_method_call() were > > > > incorrect, assertion "path != NULL" failed in file dbus-message.c > line 1262. > > > > This is normally a bug in some application using the D-Bus library. > > > > D-Bus not built with -rdynamic so unable to print a backtrace > > > > Aborted (core dumped) > > > > > > Please open a bug against certmonger. > > > > I'm pretty sure this one's already being tracked as #1148001. > > > > Cheers, > > > > Nalin > > > > -- > > Manage your subscription for the Freeipa-users mailing list: > > https://www.redhat.com/mailman/listinfo/freeipa-users > > Go to http://freeipa.org for more info on the project > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
