Null hostgroup or null service in HBAC rules may crash sssd_be during authentication when used in Identity Management / IdM / IPA

Solution Verified - Updated -

Issue

When SSSD is configured with HBAC rules and a hostgroup is null, or if a servicegroup is null, in some cases, the sssd_be process may seg fault on an IPA client during authentication.

Environment

Red Hat Enterprise Linux Server release 6.2 (Santiago)
Linux ipaserver1.example.com 2.6.32-220.el6.x86_64 #1 SMP Wed Nov 9 08:03:13 EST 2011 x86_64 x86_64 x86_64 GNU/Linux

IPA / Identity Management
ipa-server-2.1.3-9.el6.x86_64
ipa-client-2.1.3-9.el6.x86_64

libipa_hbac-python-1.5.1-66.el6.x86_64
libipa_hbac-1.5.1-66.el6.x86_64

sssd-client-1.5.1-66.el6.x86_64
sssd-1.5.1-66.el6.x86_64
sssd-debuginfo-1.5.1-66.el6.x86_64

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.