Mailinglist Archive: opensuse-features (518 mails)

< Previous Next >
[openFATE 310176] Switch to sssd for LDAP/Kerberos authentication
  • From: fate_noreply@xxxxxxx
  • Date: Thu, 5 Aug 2010 17:32:49 +0200 (CEST)
  • Message-id: <feature-310176-8@xxxxxxxxxxxxxx>
Feature changed by: Bidossessi SODONON (bidossessi)
Feature #310176, revision 8
Title: Switch to sssd for LDAP/Kerberos authentication

openSUSE-11.4: Evaluation
Requester: Mandatory

Requested by: Ralf Haferkamp (rhafer)
Developer: (Novell)

Because of the various issues we face with nss_ldap/pam_ldap (see e.g.
bug#477061, bug#157078 and others) and because of the added value sssd
gives us (e.g. offline support, integrated kerberos support). We should
change yast2-ldap-client to configure sssd instead of
sssd packages are already available for 11.3. We still need to add
support for it in pam-config.

- related feature (feature/id: 308902)
- nss_ldap issue #2 (novell/bugzilla/id: 157078)
- nss_ldap issue #1 (novell/bugzilla/id: 598158)

#1: Andreas Jaeger (a_jaeger) (2010-07-20 09:37:55)
Note: This feature tracks the basesystem changes for this, especially
pam_ldap. The YaST part is tracked in fate#308902.

#4: Andreas Jaeger (a_jaeger) (2010-07-20 11:01:40) (reply to #1)
Correction pam-config instead of pam_ldap since pam_ldap does not need
to be changed.

#2: Andreas Jaeger (a_jaeger) (2010-07-20 09:40:20)
It also tracks changes in glibc to fix bnc#621454 and bnc#477061.

+ #5: Bidossessi SODONON (bidossessi) (2010-08-05 17:32:41)
+ Does this feature imply replacing both the LDAP client and Kerberos
+ client modules with a single SSSD module in Yast? Would that be
+ advisable for servers?

openSUSE Feature:

< Previous Next >
This Thread