gpu1 LDAP login issues
Predrag Punosevac
predragp at andrew.cmu.edu
Mon Oct 5 20:58:39 EDT 2020
Dear Autonians,

Several of you have reported problems with login on the GPU1 server. After
wasting 2h I got to the bottom of the issues. Red Hat sssd is shipped with
the broken OpenSSL (TLS v1.3 protocol). The temporary solution is to allow
sssd to fetch your credentials from our LDAP directory service server over
the unencrypted channel. Since this is all happening behind our Auton Lab
firewall it is ok for now. However, please report any issues with the login
into computing nodes at once as problems will likely persist for a few
weeks.

Our LDAP domain controller is running OpenBSD, which is in turn shipped with
the latest version of LibreSSL. The LibreSSL guys, which is one of the
OpenBSD subprojects, have been merciless with backdoors put by BND aka
OpenSSL guys. This is the latest episode in the battle for an honest
cryptographic stack.

Cheers,
Predrag
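
An added example, not part of the original message: a Python audit that flags sssd domain sections still using a cleartext LDAP workaround like the one described above, so nodes can be found and reverted once TLS works again. The message does not say which sssd.conf options were changed; the options checked here are the standard sssd-ldap ones and are an assumption about the workaround, and the domain name and host in the samples are constructed.

```python
import configparser

# Constructed samples; domain name and host are placeholders, not the lab's values.
SAMPLE_DOWNGRADED = """
[sssd]
domains = example

[domain/example]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.example.internal
ldap_id_use_start_tls = false
ldap_auth_disable_tls_never_use_in_production = true
"""

SAMPLE_TLS = """
[domain/example]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap.example.internal
ldap_tls_reqcert = demand
"""

def _is_true(opts, key):
    return opts.get(key, fallback="false").strip().lower() == "true"

def audit_sssd(text):
    """Return (section, finding) pairs for LDAP domains lacking transport protection."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue  # only [domain/...] sections carry LDAP settings
        opts = cp[section]
        start_tls = _is_true(opts, "ldap_id_use_start_tls")
        for uri in (u.strip() for u in opts.get("ldap_uri", fallback="").split(",")):
            # ldap:// without StartTLS means lookups cross the network unencrypted
            if uri.lower().startswith("ldap://") and not start_tls:
                findings.append((section, f"cleartext LDAP to {uri}"))
        if _is_true(opts, "ldap_auth_disable_tls_never_use_in_production"):
            findings.append((section, "password auth allowed without TLS"))
        if opts.get("ldap_tls_reqcert", fallback="hard").strip().lower() in ("never", "allow"):
            findings.append((section, "server certificate not verified"))
    return findings

if __name__ == "__main__":
    for section, finding in audit_sssd(SAMPLE_DOWNGRADED):
        print(f"{section}: {finding}")
```

On a real node, pass the contents of `/etc/sssd/sssd.conf` (readable by root only) to `audit_sssd`.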