After a bit of investigation it seems that this was caused by a
malicious entry in /var/lib/sss/db/cache_FLADI.AT.ldb (FLADI.AT is my
KRB5 domain) in the "ccacheFile" attribute for both users. Somehow the
values got swapped:

dn: name=FladischerMichael,cn=users,cn=FLADI.AT,cn=sysdb
createTimestamp: 1274786913
gidNumber: 200
homeDirectory: /home/users/FladischerMichael
loginShell: /usr/bin/zsh
name: FladischerMichael
objectClass: user
uidNumber: 1006
originalDN: krb5principalname=fladischermich...@fladi.at,ou=users,dc=fladi,dc=at
memberof: ...
ccacheFile: FILE:/tmp/krb5cc_1014_dpYK7G
failedLoginAttempts: 0
initgrExpireTimestamp: 1275484581
lastUpdate: 1275479181
dataExpireTimestamp: 1275484581
cachedPassword: ...
lastCachedPasswordChange: 1275479181
lastOnlineAuth: 1275479181
lastLogin: 1275479181
distinguishedName: name=FladischerMichael,cn=users,cn=FLADI.AT,cn=sysdb

And for the other user it's the other way around:

dn: name=ReinerWalter,cn=users,cn=FLADI.AT,cn=sysdb
createTimestamp: 1274786913
gidNumber: 200
homeDirectory: /home/users/ReinerWalter
loginShell: /bin/bash
name: ReinerWalter
objectClass: user
uidNumber: 1014
originalDN: krb5principalname=reinerwal...@fladi.at,ou=users,dc=fladi,dc=at
shadowLastChange: 14060
memberof: ...
ccacheFile: FILE:/tmp/krb5cc_1006_KEBXoG
failedLoginAttempts: 0
initgrExpireTimestamp: 1275484228
lastUpdate: 1275478828
dataExpireTimestamp: 1275484228
cachedPassword: ...
lastCachedPasswordChange: 1275478828
lastOnlineAuth: 1275478828
lastLogin: 1275478828
distinguishedName: name=ReinerWalter,cn=users,cn=FLADI.AT,cn=sysdb

Removing the file /var/lib/sss/db/cache_FLADI.AT.ldb and restarting sssd
afterwards solved the problem.
I was not able to reproduce it so far.
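
An added example, not part of the original report: a check that scans an LDIF dump of the cache, in the shape quoted above, for entries whose ccacheFile names a different UID than the entry's uidNumber. It assumes the ccache name embeds the owner's UID as krb5cc_<uid>_..., as both entries above do; the sample records and the function names are constructed for illustration.

```python
import re

# Constructed sample in the LDIF shape quoted above (not real cache data).
SAMPLE_LDIF = """\
dn: name=alice,cn=users,cn=EXAMPLE.TEST,cn=sysdb
name: alice
uidNumber: 1006
ccacheFile: FILE:/tmp/krb5cc_1014_dpYK7G

dn: name=bob,cn=users,cn=EXAMPLE.TEST,cn=sysdb
name: bob
uidNumber: 1014
ccacheFile: FILE:/tmp/krb5cc_1006_KEBXoG

dn: name=carol,cn=users,cn=EXAMPLE.TEST,cn=sysdb
name: carol
uidNumber: 1020
ccacheFile: FILE:/tmp/krb5cc_10
 20_Qw3rTy
"""

# UID embedded in the credential cache file name (assumed naming convention).
CCACHE_UID = re.compile(r"krb5cc_(\d+)(?:_|$)")

def parse_ldif(text):
    """Yield one dict per LDIF record; folded lines (leading space) are joined."""
    unfolded = re.sub(r"\n ", "", text.strip())
    for block in re.split(r"\n\s*\n", unfolded):
        record = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            record.setdefault(key.strip(), value.strip())
        if record:
            yield record

def find_mismatched_ccaches(text):
    """Return (name, uidNumber, ccacheFile) where the ccache UID differs."""
    findings = []
    for rec in parse_ldif(text):
        uid, ccache = rec.get("uidNumber"), rec.get("ccacheFile")
        if uid is None or ccache is None:
            continue  # entry has no cached credential path to compare
        m = CCACHE_UID.search(ccache)
        if m is None or m.group(1) != uid:
            findings.append((rec.get("name"), uid, ccache))
    return findings
```

On the sample, alice and bob are reported because their cache paths carry each other's UID, while carol's folded line is rejoined before comparison and passes.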


