  1. RHEL
  2. RHEL-49811

2FA is being enforced after upgrading 2.9.1->2.9.4

    • Bug
    • Resolution: Done-Errata
    • Undefined
    • rhel-9.5
    • rhel-9.4
    • sssd
    • sssd-2.9.5-4.el9
    • None
    • Low
    • rhel-sst-idm-sssd
    • ssg_idm
    • 22
    • 24
    • 0
    • False

      https://github.com/SSSD/sssd/issues/7456

      ```
      After updating from 9.3 to 9.4, sssd started to enforce 2FA for our sudo configuration, while before it was optional, and we can't find why it changed.
      We downgraded the sssd packages from 2.9.4 to 2.9.1 and 2FA went back to being optional, so we are sure it's because of the sssd version change from 2.9.1->2.9.4; all other configuration is the same.

      I looked through changelogs and skimmed through the list of commits, but I couldn't find anything obvious that should change this. Seems like a bug or side-effect of other changes.

      We are using IPA as Kerberos provider, users do have OTP set up.
      Up to 2.9.1 sudoing worked either with only password or password+otp.
      On 2.9.4 (and 2.9.5) sudoing is not working with only password, both password+otp are required.
      ```

              sbose@redhat.com Sumit Bose
              atikhono@redhat.com Alexey Tikhonov
              SSSD Maintainers
              Madhuri Upadhye
              Louise McGarry
              Votes: 0
              Watchers: 14
