On 03.03.2017 16:53, Rob Crittenden wrote:
> Harald Dunkel wrote:
>> On 03/03/17 10:14, Jakub Hrozek wrote:
>>> On Fri, Mar 03, 2017 at 09:56:55AM +0100, Harald Dunkel wrote:
>>>> This is systemd-only?
>>>> Wouldn't it be better to create a working sssd.conf, no matter
>>>> what?
>>> It is up to whoever is creating the sssd.conf. As I said, the change is
>>> backwards-compatible. If you want the services to be started by sssd,
>>> then list them in the services line. If you want to have them started on
>>> demand and have a simpler configuration, you rely on the systemd services
>>> manager.
>> Understood. I will try 1.15.1 as soon as possible.
>> Reading ipa-client-install it appears to me that the other
>> services haven't been omitted on purpose. I have the
>> impression that nss and pam have simply been forgotten.
>> sssd's ssh service is defined only if ipa-client-install
>> is allowed to touch the ssh or sshd configuration, but I
>> have *no* idea why there is such a correlation.
>> Would somebody mind to look into this?
> This is managed by authconfig on Fedora/RHEL systems. Not sure what
> Debian does in this regard. Timo?

pam-auth-update configures pam, there's nothing else to be configured..
I just ran ipa-client-install on Ubuntu zesty with freeipa-client
4.4.3-3ubuntu1, and services on the newly created sssd.conf look fine:

services = nss, sudo, pam, ssh


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to