Null hostgroup or null service in HBAC rules may crash sssd_be during authentication when used in Identity Management / IdM / IPA

Solution Verified - Updated -

Issue

When SSSD is configured with HBAC rules and a hostgroup is null, or if a servicegroup is null, in some cases, the sssd_be process may seg fault on an IPA client during authentication.

Environment

Red Hat Enterprise Linux Server release 6.2 (Santiago)
Linux ipaserver1.example.com 2.6.32-220.el6.x86_64 #1 SMP Wed Nov 9 08:03:13 EST 2011 x86_64 x86_64 x86_64 GNU/Linux

IPA / Identity Management
ipa-server-2.1.3-9.el6.x86_64
ipa-client-2.1.3-9.el6.x86_64

libipa_hbac-python-1.5.1-66.el6.x86_64
libipa_hbac-1.5.1-66.el6.x86_64

sssd-client-1.5.1-66.el6.x86_64
sssd-1.5.1-66.el6.x86_64
sssd-debuginfo-1.5.1-66.el6.x86_64

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content