Re: F36 Change: Make Authselect Mandatorry (System-Wide Change proposal)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Pavel,

On 10/14/21 12:57 PM, Pavel Březina wrote:
> On 10/13/21 3:17 PM, Michael Catanzaro wrote:
>> On Wed, Oct 13 2021 at 10:22:14 AM +0200, Hans de Goede <hdegoede@xxxxxxxxxx> wrote:
>>> Making what IMHO is a poor default of always using sssd everywhere
>>> hardcoded even deeper into Fedora seems like a bad idea to me.
>>
>> I think we can fix this at the same time. Make authselect default to its minimal profile rather than its sssd profile, and make realmd responsible for running authselect to enable the sssd profile when it is required. I think realmd is already capable of installing the dependencies it needs when enabled, right? This way, most Fedora systems would no longer run sssd, but enabling enterprise login would not require manual configuration for those who need it.
> 
> Minimal profile is really minimal and does not provide almost any flexibility so imho it should not be used as a default. We could however create a new profile e.g. "local".
> 
> SSSD is default because it was serving local users as well. This in no longer true since F35 [1], so there is certainly a possibility to switch the default, if the community desires it and it is certainly beneficial to do it together with this change.
> 
> I don't see a strong reason to change the default profile. Local users go through nss_files and pam_unix, if SSSD is not running it does not do anything.

Sorry, I somehow completely missed the F35 change to make files the first entry
in nssswitch.conf by default now.

I see on the changes (1) page that SSSD now also no longer is started by default,
that is great. 

Since SSSD already no longer runs by default, then I see no need
for a special "local" profile.

Thank you for your work on this!

Regards,

Hans

1) https://fedoraproject.org/wiki/Changes/FlexibleLocalUserCache

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux