Univention Bugzilla – Bug 30066
pam's (common-auth) univention-ucc-update-nss does not work for ssh sessions (UCC-remote)
Last modified: 2023-06-28 10:32:56 CEST
This should be documented +++ This bug was initially created as a clone of Bug #30049 +++ If a user is created, he is not known in nss on ucc thin clients, but a "local" login with that user is possible (kerberos authentication). Then common-auth executes univention-ucc-update-nss and updates the passwd. But ssh does not allow logins with unknown usernames. For a remote session, the "unknown" user logs on to the thin client (local login -> common-auth -> univention-ucc-update-nss -> user is known on the thin client). Then the sessions script for the remote session tries to establish a ssh connection to the desktop server. But this ssh connection is not possible, as long as the user is unknown on the desktop server. On ucc desktop servers the nss information will be updated every five minutes. So you have to wait 5 minutes before you can log on with a new user to a UCC remote session.
This has been fixed code-wise in UCC, so the workaround no longer needs to be documented.