Hey everyone, I've been having a bit of trouble with my login service in a Kubernetes cluster. The service itself is working, but there's an odd issue that's been driving me up the wall. I'm running an Ubuntu 24.04 pod that uses Active Directory (AD) and System Security Services Daemon (SSSD) for logins. For some reason, I can only successfully log in after three failed attempts — on the fourth try, it prompts for the password as:
'blah@blah's password'
instead of the usual '(blah@blah) Password:'.
I've checked the logs accessible to me, which are located at /var/log/sssd, but since it's a disposable container, I don't have access to systemd or journal logs. Every time I restart the pod, it just resets the service, and I can't run 'sss_cache -E' as suggested in online forums.
Here's a quick look at my sssd.conf configuration and PAM settings if that helps:
```
[sssd]
config_file_version = 2
domains = domain
services = nss, pam
[nss]
debug_level = 4880
filter_users = pulse,cvmfs,sshd,apache,rpc,root
[pam]
debug_level = 4880
offline_failed_login_attempts = 3
```
Could anyone help me understand what might be causing this behavior? I'd really appreciate any insights as I've already spent quite some time looking into this!
1 Answer
It sounds like you're facing an odd issue with the authentication flow. I recommend checking your auth logs closely. You might find that one of the PAM modules is failing on the first few attempts and then a different one is succeeding on the fourth try. This could explain the unusual prompt you're seeing.
Thanks for the tip! I'll dig deeper into the auth logs to see if I can spot any failures with the PAM modules.