Mailinglist Archive: opensuse-features (518 mails)

< Previous Next >
[openFATE 310176] Switch to sssd for LDAP/Kerberos authentication
  • From: fate_noreply@xxxxxxx
  • Date: Thu, 5 Aug 2010 17:49:24 +0200 (CEST)
  • Message-id: <feature-310176-9@xxxxxxxxxxxxxx>
Feature changed by: Matthias Eckermann (mge1512)
Feature #310176, revision 9
Title: Switch to sssd for LDAP/Kerberos authentication

openSUSE-11.4: Evaluation
Priority
Requester: Mandatory

Requested by: Ralf Haferkamp (rhafer)
Developer: (Novell)

Description:
Because of the various issues we face with nss_ldap/pam_ldap (see e.g.
bug#477061, bug#157078 and others) and because of the added value sssd
gives us (e.g. offline support, integrated kerberos support). We should
change yast2-ldap-client to configure sssd instead of
nss_ldap/pam_ldap/pam_kerberos.
sssd packages are already available for 11.3. We still need to add
support for it in pam-config.

Relations:
- related feature (feature/id: 308902)
- nss_ldap issue #2 (novell/bugzilla/id: 157078)
https://bugzilla.novell.com/show_bug.cgi?id=157078
- nss_ldap issue #1 (novell/bugzilla/id: 598158)
https://bugzilla.novell.com/show_bug.cgi?id=598158

Discussion:
#1: Andreas Jaeger (a_jaeger) (2010-07-20 09:37:55)
Note: This feature tracks the basesystem changes for this, especially
pam_ldap. The YaST part is tracked in fate#308902.

#4: Andreas Jaeger (a_jaeger) (2010-07-20 11:01:40) (reply to #1)
Correction pam-config instead of pam_ldap since pam_ldap does not need
to be changed.

#2: Andreas Jaeger (a_jaeger) (2010-07-20 09:40:20)
It also tracks changes in glibc to fix bnc#621454 and bnc#477061.

#5: Bidossessi SODONON (bidossessi) (2010-08-05 17:32:41)
Does this feature imply replacing both the LDAP client and Kerberos
client modules with a single SSSD module in Yast? Would that be
advisable for servers?

+ #6: Matthias Eckermann (mge1512) (2010-08-05 17:49:22) (reply to #5)
+ It's far too early to talk about replacement in my view: while sssd
+ sounds not too bad as of today, experience and code consolidation will
+ show, if it is the right way for the future. We should include it in
+ future versions for openSUSE to give it a real field testing before
+ cutting the proven modules.



--
openSUSE Feature:
https://features.opensuse.org/310176

< Previous Next >
This Thread
References