On Thu, Feb 15, 2018 at 11:10:16AM -0500, Rob Crittenden via FreeIPA-devel
wrote:
> Petr Vobornik via FreeIPA-devel wrote:
> > On Thu, Feb 15, 2018 at 4:47 PM, Jakub Hrozek via FreeIPA-devel
> > <freeipa-devel@lists.fedorahosted.org> wrote:
> >> On Thu, Feb 15, 2018 at 08:57:55AM -0500, Rob Crittenden via FreeIPA-devel
> >> wrote:
> >>> Alexander Koksharov via FreeIPA-devel wrote:
> >>>> Hello,
> >>>>
> >>>> Please take a look on a design page here:
> >>>> https://www.freeipa.org/page/V4/Authselect_migration
> >>>> I would like to
> >>>>
> >>>> hear you critics and suggessions.
> >>>
> >>>
> >>> On a non-technical note there are a number of spelling and grammatical
> >>> errors.
> >>>
> >>> You assert that non-SSSD is deprecated. Is that true? And is that
> >>> because authselect is choosing not to support it?
> >>
> >> Yes.
> >>
> >>> I'm ok with it and it
> >>> simplifies options a lot but I don't recall a conversation about that
> >>> before now. This is particularly important for in-place upgrades.
> >>
> >> What kind of a setup has non-SSSD clients? SSSD has been the default
> >> since RHEL-6 and I even thought the IPA installer dropped support for
> >> non-SSSD clients, but I haven't really checked.
> >
> > --no-sssd option in ipa-client-install was marked as deprecated in
> > https://github.com/freeipa/freeipa/pull/848 (summer 2017). As part of
> > https://pagure.io/freeipa/issue/5860 - spin of
> > https://pagure.io/freeipa/issue/5557. Origin was that IPA client
> > doesn't bring dependencies for --no-sssd.
> >
> > I.e. the deprecation is quite new.
> >
> > Installation without SSSD is AFAIK not tested upstream.
> >
>
> Bleh. Documenting ONLY in the command-line? Not even the man page?
>
> The RHEL docs don't mention --no-sssd at all apparently so there's that.
>
> There seems to be no consideration of someone who installed with
> --no-sssd in a supported version and has since upgraded.
>
> I'm not advocating for --no-sssd but there was a real use-case when it
> was introduced. It is likely not the case now but there may still be
> corner cases.
Pavel, can you remind me what the upgrade plan was for authselect? Was
it simply 'don't touch the system' ?
Does IPA call auth{select,config} during upgrades at all?
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
