On 03.03.2017 16:53, Rob Crittenden wrote: > Harald Dunkel wrote: >> On 03/03/17 10:14, Jakub Hrozek wrote: >>> On Fri, Mar 03, 2017 at 09:56:55AM +0100, Harald Dunkel wrote: >>>> >>>> This is systemd-only? >>>> >>>> Wouldn't it be better to create a working sssd.conf, no matter >>>> what? >>> >>> It is up to whoever is creating the sssd.conf. As I said, the change is >>> backwards-compatible. If you want the services to be started by sssd, >>> then list them in the services line. If you want to have them started on >>> demand and have a simpler configuration, you rely on the systemd services >>> manager. >>> >> >> Understood. I will try 1.15.1 as soon as possible. >> >> Reading ipa-client-install it appears to me that the other >> services haven't been omitted on purpose. I have the >> impression that nss and pam have simply been forgotten. >> >> sssd's ssh service is defined only if ipa-client-install >> is allowed to touch the ssh or sshd configuration, but I >> have *no* idea why there is such a correlation. >> >> Would somebody mind to look into this? > > This is managed by authconfig on Fedora/RHEL systems. Not sure what > Debian does in this regard. Timo?
pam-auth-update configures pam, there's nothing else to be configured.. I just ran ipa-client-install on Ubuntu zesty with freeipa-client 4.4.3-3ubuntu1, and services on the newly created sssd.conf look fine: services = nss, sudo, pam, ssh -- t -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project