[prev in list] [next in list] [prev in thread] [next in thread]
List: sssd-users
Subject: =?utf-8?q?=5BSSSD-users=5D?= Re: [External] files domain and getent passwd
From: Alexey Tikhonov <atikhono () redhat ! com>
Date: 2023-02-27 12:44:14
Message-ID: CABPeg3bruS45J0FYt8eiRuBD4N7j3osXa_XNXOZMH-sNG_ZCuw () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
On Thu, Feb 23, 2023 at 4:15 PM Patrick Riehecky <riehecky@fnal.gov> wrote:
> On Thu, 2023-02-23 at 11:21 +0100, Alexey Tikhonov wrote:
> > From a practical point of view, for 'auth_provider=krb5' & local
> > users
> > case we now tend to recommend using 'id_provider = proxy' with lib
> > 'files'.
> > 'Files provider' might be deprecated / removed upstream going
> > forward.
>
>
> Is there more information on this?
>
https://github.com/SSSD/sssd/pull/6572
Most probably sssd-2.9 upstream release will have a build time ./configure
option to enable/disable support of 'files provider'.
It's up to the downstream maintainer if they will keep it enabled.
> My federation system provides an "passwd format" file that I'm loading
> via
>
> group_files=/etc/sssd_git/group
> passwd_files=/etc/sssd_git/passwd
> pwfield=*
>
>
Could you please check if `sssd-proxy` with `nss-altfiles` as a lib works
for your case?
[Attachment #5 (text/html)]
<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" \
class="gmail_attr">On Thu, Feb 23, 2023 at 4:15 PM Patrick Riehecky <<a \
href="mailto:riehecky@fnal.gov">riehecky@fnal.gov</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex">On Thu, 2023-02-23 at 11:21 +0100, Alexey Tikhonov \
wrote:<br> > From a practical point of view, for 'auth_provider=krb5' \
& local<br> > users<br>
> case we now tend to recommend using 'id_provider = proxy' with lib<br>
> 'files'.<br>
> 'Files provider' might be deprecated / removed upstream going<br>
> forward.<br>
<br>
<br>
Is there more information on this?<br></blockquote><div><br></div><div><a \
href="https://github.com/SSSD/sssd/pull/6572">https://github.com/SSSD/sssd/pull/6572</a></div><div>Most \
probably sssd-2.9 upstream release will have a build time ./configure option to \
enable/disable support of 'files provider'.</div><div>It's up to the \
downstream maintainer if they will keep it enabled.</div><br><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"> <br>
My federation system provides an "passwd format" file that I'm \
loading<br> via <br>
<br>
group_files=/etc/sssd_git/group<br>
passwd_files=/etc/sssd_git/passwd<br>
pwfield=*<br>
<br></blockquote><div><br></div><div>Could you please check if `sssd-proxy` with \
`nss-altfiles` as a lib works for your \
case?</div><div><br></div><div><br></div></div><div \
class="gmail_quote"><br></div><div class="gmail_quote"><br></div><div \
class="gmail_quote"><br></div><div class="gmail_quote"><br></div><div \
class="gmail_quote"><br></div></div>
[Attachment #6 (text/plain)]
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic