On pe, 23 helmi 2018, Pavel Březina via FreeIPA-devel wrote:
On 02/23/2018 12:57 PM, Martin Kosek wrote:
On 02/21/2018 10:25 AM, Pavel Březina via FreeIPA-devel wrote:

​ ​
couple of scenarious here:
- install server
 install it and configure with authselect. there is no --no-sssd option
for the server installation
- upgrade server
 bakup authselect configuration. apply authselect sssd profile
overwriting what was there before.

Why do you call authselect during server update? Shouldn't the system be
already configured?

In FreeIPA server, we want to make sure that authselect profile is
activated, so that this FreeIPA server's PAM stack receives further
updates in case the authselect profile gets some fixes in. If it still
has the manual PAM configuration via old authconfig, it would not
receive such updates. Is that true?

It is true. But the same applies currently with authconfig. So if authconfig is run again during server update than sure, it should be there.
We do not run authconfig on each server upgrade. An idea to re-write
configuration every upgrade sounds interesting but I don't think we are
close to get it properly implemented before we switch to Ansible

/ Alexander Bokovoy
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

Reply via email to