On Thu, Mar 21, 2024 at 10:04 PM Tero Saarni <[email protected]> wrote:
> On Thu, Mar 21, 2024 at 10:21 PM Alexey Tikhonov <[email protected]>
> wrote:
>
>> It's been a while but... quite a lot of work has been done:
>> see https://github.com/SSSD/sssd/issues/5443#issuecomment-2013505460 for
>> the list
>> and TODO list in the description of
>> https://github.com/SSSD/sssd/pull/7193 for remaining bits.
>>
>> Upcoming sssd-2.10 should be capable of running in an unprivileged
>> container without user-ns support (i.e. still OCP, but Kubernetes already
>> has this feature).
>>
>> I could also build a general purpose SSSD container image, but I would
>> need to understand requirements / typical use cases and see an interest /
>> demand for this.
>>
>
> Very impressive work!
>
> Not sure if there could be a use case for *generic* container. At least in
> my use case we add client applications inside the same container
>

Is this a "single UID" container (i.e. SSSD and client apps run under the
same UID within container namespace)?
What do you use as an entry point of the container / how do you manage
(start of) multiple processes?
What authentication means do you use? If this is Kerberos, does your app
use TGT acquired during authentication?

> , which makes it non-generic. But surely it would be of great value to
> have an *example* on how to configure and run sssd within a non-root
> container for this kind of purpose.
>
> --
> Tero
>
--
sssd-users mailing list -- [email protected]
