[SSSD-users] Re: Is there a way to disable Mozilla NSS?

Tue, 14 Jan 2020 04:22:16 -0800 

Sure

On CentOS-7 SSSD installed via yum:
$ rpm -q sssd
sssd-1.16.4-21.el7.x86_64

$ sssd --version
1.16.4

$ ldd /sbin/sssd | grep -e nss -e crypto
        libnss3.so => /lib64/libnss3.so (0x00007f4928ccc000)
        libnssutil3.so => /lib64/libnssutil3.so (0x00007f4928a9c000)
        libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f4927dd7000)

On CentOS-7 SSSD built and installed by hand from source:
# /opt/sssd/usr/sbin/sssd --version
2.2.2

# ldd /opt/sssd/usr/sbin/sssd | grep -e nss -e crypto
        libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f8bd6e54000)
        libnss3.so => /lib64/libnss3.so (0x00007f8bd4ee0000)
        libnssutil3.so => /lib64/libnssutil3.so (0x00007f8bd4cb0000)

As you can see in both versions SSSD is linked against OpenSSL libcrypto and 
Mozilla libnss libraries. 

I disabled as much as I could, I'm only interested in LDAP authentication and 
nothing less, still for some reason SSSD binary is linked with Mozilla NSS, as 
well as OpenSSL

# grep 'with-crypto' config.log
  $ ./configure --prefix=/usr --libdir=/usr/lib64 --sysconfdir=/etc 
--localstatedir=/var --with-crypto=libcrypto --enable-nsslibdir=/lib64 
--enable-pammoddir=/lib64/security --disable-krb5-locator-plugin 
--disable-cifs-idmap-plugin --without-nfsv4-idmapd-plugin 
--disable-pac-responder --disable-nls --without-python2-bindings 
--without-python3-bindings --without-autofs --without-samba --without-kcm 
--without-selinux --without-semanage --without-manpages --without-libwbclient

Any ideas?
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]

Reply via email to