On 11/5/20 1:58 PM, Nico Kadel-Garcia wrote:
On Thu, Nov 5, 2020 at 6:39 AM Petr Menšík <pemensik@xxxxxxxxxx> wrote:
No, no, NO again.
nscd has no important active bugs in Fedora. I am not sure what bugs are
mentioned, but just a few active bugs are on glibc component in Fedora.
Therefore it seems just fine no commits are good.
Just unlike systemd-resolved, which actively breaks some use cases. It
changes resolution order of search directive in resolv.conf, breaks
DNSSEC, breaks one label names resolution. It is famous among DNS
community [1].
sssd also breaks other LDAP setups, It's extremely broken with larger
LDAP setups because it insists on caching *ALL* of the LDAP, barring
being able to filter to only a smaller set of the LDAP. But because so
many LDAP setups scatter group and user information in so many
distinct parts of the LDAP layout, this never works and it *ALWAYS*
times out in large, remot4e LDAP setups. It works for a few seconds at
start time, then crashes and takes out *all* sssd based services.
SSSD only stores required data, i.e. requested users, groups or whatever
unless you set enumerate=true which is explicitly stated as "not
recommended" in SSSD manual pages.
The sophisticated setups available by hand-editing sssd are also
*inevitably* overwritten by any use of the 'authconfig' command, which
is used by various RPM '%post' operations. sssd's configuration
Authconfig used to only override domain named "default" which was
created by authconfig and it only touched a specific set of options that
were requested by authconfig arguments. Also users usually don't name
their domain as "default" so I don't deem this a valid point.
Furthermore, real authconfig is not around since Fedora 28 and the
wrapper around authselect touches only a configuration snippet.
options are so poor that they may as well be malicious. It is most
effective in small and unsophisticated network environments. It
suffers from the "systemd" style, sprawling universal management tool
design principles and makes many straightforward operations very
difficult if not impossible.
What kind of operations?
I don't know when it was the last time you tried SSSD or authconfig and
I know nothing about your environment but these are just hateful
paragraphs without any kind of evidence. If you have any issue with
SSSD, feel free to open bug report and we can see what needs to be done
to make it work for you.
nscd is a lightweight and *far* more stable tool, and should be used
in preference to sssd wherever possible. An indepent LDAP and Kerberos
toolkit is *far* more stable than sssd.
Instead, I request again, split systemd-resolved into subpackage. I want
it removed on my system and so do more people. Also, when I disable it,
I have to fix /etc/resolv.conf by hand. I would think NetworkManager
restart would refresh classic /etc/resolv.conf, like in F32.
That's a separate issue. Maybe start a separate thread about that?
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
