From fcbcfa69f9291936f01f24b5fcb5a7672dca46f3 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Thu, 28 Apr 2016 10:31:45 +0200 Subject: SSH: Do not print an error message if sss_ssh_authorizedkeys is asked for a local user MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If an IPA client uses the SSH integration and a local user logs in with SSH, the sss_ssh_authorizedkeys looks up their keys in the SSH responder, which doesn't find the user and returns ENOENT. The sss_ssh_authorizedkeys reports a failure on any error, including ENOENT which produced a confusing error message in the logs. This patch adds a new error code that handles users that are not found by SSSD but exist on the system and also special cases root with the same error code. Therefore, logging in as a local user no longer prints an error message. Resolves: https://fedorahosted.org/sssd/ticket/3003 Reviewed-by: Pavel Březina --- src/util/util_errors.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src/util/util_errors.c') diff --git a/src/util/util_errors.c b/src/util/util_errors.c index 9beffbc39..522b0f4ff 100644 --- a/src/util/util_errors.c +++ b/src/util/util_errors.c @@ -96,6 +96,7 @@ struct err_string error_to_str[] = { { "Domain has to timestamp cache" }, /* ERR_NO_TS */ { "No timestamp cache record" }, /* ERR_TS_CACHE_MISS */ { "Dereference threshold reached" }, /* ERR_DEREF_THRESHOLD */ + { "The user is not handled by SSSD" }, /* ERR_NON_SSSD_USER */ { "ERR_LAST" } /* ERR_LAST */ }; -- cgit