Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1088564
Description of problem: sudoNotBefore time is not always respected Version-Release number of selected component (if applicable): 1.11.2-65 How reproducible: Very often Steps to Reproduce: 1. On the ldapserver: ldapsearch -xv -h ldapserver -b "dc=example,dc=com" cn=test dn: cn=test,ou=Sudoers,dc=example,dc=com objectClass: top objectClass: sudoRole sudoHost: ALL sudoCommand: ALL sudoUser: ALL cn: test sudoRunAsUser: ALL sudoNotBefore: 20140409090729-0400 2. On the client: # date +'%Y%m%d%H%M%S%z' 20140409092740-0400 <== Which is way past the sudoNotBefore time 3. Try to sudo to a user. # su user1 -c "sudo -u user2 ${*-true}" user1 is not allowed to run sudo on client. This incident will be reported. Actual results: sudo access is denied Expected results: sudo should work Additional info:
It looks like a DST issue. It may be a bug in glibc, but it needs more investigation.
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => review: True => 0 selected: => testsupdated: => 0
Not critical for the 1.12 release.
milestone: NEEDS_TRIAGE => SSSD 1.13 beta
In the meantime, Pavel would check with libc developers on the details of mktime that are currently unclear to him.
Fields changed
mark: => 0
milestone: SSSD 1.13 beta => SSSD 1.13 backlog priority: major => minor
Mass-moving tickets not planned for the next two releases.
Please reply with a comment if you disagree about the move..
milestone: SSSD 1.13 backlog => SSSD 1.15 beta
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD Future releases (no date set yet)
Metadata Update from @thalman: - Custom field design_review reset (from 0) - Custom field mark reset (from 0) - Custom field patch reset (from 0) - Custom field review reset (from 0) - Custom field testsupdated reset (from 0) - Issue close_status updated to: None - Issue tagged with: bugzilla
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3358
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @pbrezina: - Issue close_status updated to: cloned-to-github - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.