Am Sun, Aug 14, 2022 at 04:34:30PM +0100 schrieb lejeczek via FreeIPA-users:
Hi guys.
Domain seems to function okey, 'healthcheck' reports no issues, but these
begin to worry me, from sssd_pac.log
...
(2022-08-14 16:19:52): [pac] [accept_fd_handler] (0x0020): Access denied for
uid [389].
* ... skipping repetitive backtrace ...
(2022-08-14 16:19:54): [pac] [accept_fd_handler] (0x0020): Access denied for
uid [389].
* ... skipping repetitive backtrace ...
(2022-08-14 16:19:54): [pac] [accept_fd_handler] (0x0020): Access denied for
uid [389].
* ... skipping repetitive backtrace ...
(2022-08-14 16:20:00): [pac] [accept_fd_handler] (0x0020): Access denied for
uid [389].
Hi,
you can allow 389ds to send the PAC to SSSD by setting
allowed_uids = 0, 389
in the [pac] section of sssd.conf, see man sssd.conf for details.
SSSD can use the PAC to determine group-memberships of a user and since
we do not want that any process can tinker with the group-memberships we
allow access only from "trusted" UIDs.
HTH
bye,
Sumit
and this log is quite busy.
What is that symptom of and should that be a worry?
many thanks, L.
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue