Mailinglist Archive: opensuse-features (365 mails)

< Previous Next >
[openFATE 308900] SSSD to be included in openSUSE
  • From: fate_noreply@xxxxxxx
  • Date: Tue, 9 Mar 2010 09:34:43 +0100 (CET)
  • Message-id: <feature-308900-6@xxxxxxxxxxxxxx>
Feature changed by: Ralf Haferkamp (rhafer)
Feature #308900, revision 6
- Title: Request SSSD to be installed by default
+ Title: SSSD to be included in openSUSE

openSUSE-11.3: Unconfirmed
Priority
Requester: Important

Requested by: David Alston (dalston)

Description:
I was requesting a feature through
http://bugzilla.novell.com/show_bug.cgi?id=574956
(http://bugzilla.novell.com/show_bug.cgi?id=574956)
and someone there suggested I create this feature request in OpenFATE.
Apparrently the package "SSSD" (with a little configuration work) will
solve a significant user support problem by caching LDAP passwords
locally so that laptops (and desktops) can continue to login without a
network connection.
Information on SSSD can be found at https://fedorahosted.org/sssd/

Use Case:
We use OpenSUSE and SLES/SLED in a diverse University
environment.  Many of our users are easily confused by multiple login-
ids and so we try to maintain single-signon whenever we can.  Folks
with windows laptops are able to authenticate to Active Directory and
have their username/password cached on their computer so that they can
login even if they are not connected to the domain.  This feature is
sorely missed on our OpenSUSE laptops (and some desktops).
Including the "SSSD" package (and making it easy to configure) would go
a *very* long way toward making OpenSUSE even more friendly to
Enterprise environments.

Discussion:
#1: Bidossessi SODONON (bidossessi) (2010-02-04 17:02:39)
I'm trying to think of the downsides of supporting this package, and i
can see none.
Of course, I'm in a situation where SSSD would scratch a major itch in
my network administration woes, since I use GoSA for my account
management needs. The above usecase is valid, but I have experienced
far more annoying side-effects trying to use LDAP as a desktop/laptop
login database:
My network is 100% wireless (mandated by management, despite all my
recommendations). I had this chicken and egg problem of having to setup
clients using ifup instead of NM because of LDAP logins, but whenever
an AP goes down for whatever reason, the users would be locked out,
with no way to switch to another potentially working AP.
With no solution in sight, I had to fallback to local accounts with NM,
and managing that is hell. We have a huge employee turnover. Using
nss_ldap had a lot of advantages on the desktop, (like automatic gecos
fetching or locking accounts) that i had to forego.
I made a Fate request sometime ago for alternate AP settings in Yast to
solve that issue, but this package would negate the need for it, AND
allow me to use LDAP accounts for my laptop users as well.
Sorry for the lenghty comment, but this request speaks to my heart :)

#2: Ralf Haferkamp (rhafer) (2010-03-09 09:17:23)
"installation by default" as stated in the feature's summary does seem
like a good idea currently. But providing packages in openSUSE (and
propably having YaST support in the future see
https://features.opensuse.org/308902) seems like a good idea. That's
why I have just submitted packages to Factory for inclusion into 11.3.

+ #3: Ralf Haferkamp (rhafer) (2010-03-09 09:34:38) (reply to #2)
+ Adjusted the features summary, to better reflect what's needed.



--
openSUSE Feature:
https://features.opensuse.org/308900

< Previous Next >
This Thread
References