Re: F36 Change: Make Authselect Mandatorry (System-Wide Change proposal)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/13/21 3:17 PM, Michael Catanzaro wrote:
On Wed, Oct 13 2021 at 10:22:14 AM +0200, Hans de Goede <hdegoede@xxxxxxxxxx> wrote:
Making what IMHO is a poor default of always using sssd everywhere
hardcoded even deeper into Fedora seems like a bad idea to me.

I think we can fix this at the same time. Make authselect default to its minimal profile rather than its sssd profile, and make realmd responsible for running authselect to enable the sssd profile when it is required. I think realmd is already capable of installing the dependencies it needs when enabled, right? This way, most Fedora systems would no longer run sssd, but enabling enterprise login would not require manual configuration for those who need it.

Minimal profile is really minimal and does not provide almost any flexibility so imho it should not be used as a default. We could however create a new profile e.g. "local".

SSSD is default because it was serving local users as well. This in no longer true since F35 [1], so there is certainly a possibility to switch the default, if the community desires it and it is certainly beneficial to do it together with this change.

I don't see a strong reason to change the default profile. Local users go through nss_files and pam_unix, if SSSD is not running it does not do anything.

That being said, if there is a strong desire to create a non-sssd profile for local users only, I will definitely not oppose it. Please, create a change page (needs to be system-wide since changes in anaconda are required), if accepted I can implement required changes or review a pull request.

The reason why I'd like to have separate change for this is that 1) "Make authselect mandatory" will use whatever default is chosen 2) Either change can be accepted or refused 3) Discussion will be restricted to one topic.

Thank you,
Pavel

[1] https://fedoraproject.org/wiki/Changes/FlexibleLocalUserCache


Michael
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux