On Tue, Sep 8, 2020, at 10:53 AM, Andreas Hasenack wrote:
> Hi,
>
> This is more of a realmd question than sssd, but closely related.
>
> Debian and Ubuntu defaulted to socket activated systemd services for
> all the sssd-* daemons. So they are started on demand.
>
> realmd currently always adds a "services = nss, pam" line (or augments
> it if it's there already). sssd will then start nss and pam, but so
> will systemd, and that creates a (apparently harmless) conflict and
> logs errors to the logs.
>
> I don't know if there is a way for realmd to detect this scenario and
> not add that services line, or if there should be a command-line
> option for it? Or maybe something in realm-<distro>.conf even?
>
> At the moment I'm just disabling adding the services line. Is this too
> horrible?
In my experience on RHEL 8, some of the services are unreliable when activated
in this manner. The services line never fails. I believe the .service (or
.socket) files on RHEL 8 are written to avoid any collision. Specially, I think
the socket activated version is a no op if the services line one is running.
V/r,
James Cassell
>
> --- a/service/realm-sssd-config.c
> +++ b/service/realm-sssd-config.c
> @@ -154,8 +154,6 @@
> g_strfreev (already);
>
> /* Setup a default sssd section */
> - if (!realm_ini_config_have (config, "section", "services"))
> - realm_ini_config_set (config, "sssd", "services", "nss, pam", NULL);
> if (!realm_ini_config_have (config, "sssd", "config_file_version"))
> realm_ini_config_set (config, "sssd", "config_file_version", "2",
> NULL);
>
> --- a/tests/test-sssd-config.c
> +++ b/tests/test-sssd-config.c
> @@ -90,7 +90,7 @@
> gconstpointer unused)
> {
> const gchar *data = "[domain/one]\nval=1\n[sssd]\ndomains=one";
> - const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one,
> two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos
> = 2\n";
> + const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one,
> two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n";
> GError *error = NULL;
> gchar *output;
> gboolean ret;
> @@ -140,7 +140,7 @@
> test_add_domain_only (Test *test,
> gconstpointer unused)
> {
> - const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version
> = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
> + const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version
> = 2\n\n[domain/two]\ndos = 2\n";
> GError *error = NULL;
> gchar *output;
> gboolean ret;
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
