Feature changed by: Matthias Eckermann (mge1512) Feature #310176, revision 9 Title: Switch to sssd for LDAP/Kerberos authentication openSUSE-11.4: Evaluation Priority Requester: Mandatory Requested by: Ralf Haferkamp (rhafer) Developer: (Novell) Description: Because of the various issues we face with nss_ldap/pam_ldap (see e.g. bug#477061, bug#157078 and others) and because of the added value sssd gives us (e.g. offline support, integrated kerberos support). We should change yast2-ldap-client to configure sssd instead of nss_ldap/pam_ldap/pam_kerberos. sssd packages are already available for 11.3. We still need to add support for it in pam-config. Relations: - related feature (feature/id: 308902) - nss_ldap issue #2 (novell/bugzilla/id: 157078) https://bugzilla.novell.com/show_bug.cgi?id=157078 - nss_ldap issue #1 (novell/bugzilla/id: 598158) https://bugzilla.novell.com/show_bug.cgi?id=598158 Discussion: #1: Andreas Jaeger (a_jaeger) (2010-07-20 09:37:55) Note: This feature tracks the basesystem changes for this, especially pam_ldap. The YaST part is tracked in fate#308902. #4: Andreas Jaeger (a_jaeger) (2010-07-20 11:01:40) (reply to #1) Correction pam-config instead of pam_ldap since pam_ldap does not need to be changed. #2: Andreas Jaeger (a_jaeger) (2010-07-20 09:40:20) It also tracks changes in glibc to fix bnc#621454 and bnc#477061. #5: Bidossessi SODONON (bidossessi) (2010-08-05 17:32:41) Does this feature imply replacing both the LDAP client and Kerberos client modules with a single SSSD module in Yast? Would that be advisable for servers? + #6: Matthias Eckermann (mge1512) (2010-08-05 17:49:22) (reply to #5) + It's far too early to talk about replacement in my view: while sssd + sounds not too bad as of today, experience and code consolidation will + show, if it is the right way for the future. We should include it in + future versions for openSUSE to give it a real field testing before + cutting the proven modules. -- openSUSE Feature: https://features.opensuse.org/310176