When a realm is in the allow-permitted-logins mode, but no such logins have been set, the simple_allow_users is empty. sssd treats this as if the line is not present, and allows any login. Setting the value to a comma gets around this problem. Further discussion will take place on the sssd mailing list.
Created attachment 68615 [details] [review] Work around the strange behavior of the sssd 'simple' access_provider
Attachment 68615 [details] pushed as a91b9eb - Work around the strange behavior of the sssd 'simple' access_provider
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.