Other than the obvious approach of enabling systemd-userdb for Ubuntu,
which is a much larger discussion/decision, I think there are really
only 2 ways to address this:

1) Include drop-in conf files for systemd-logind and systemd-udevd to remove
   the networking sandbox
2) Add configuration documentation to nis and openldap instructing the system
   admin to create drop-in conf files for systemd-logind and systemd-udevd as
   part of system configuration

Option #1 has the advantage of 'just working' without any local admin
changing anything, but has the disadvantage of completely removing
network sandboxing for logind/udevd.

Option #2 has the advantage of keeping the sandboxing and allowing the
admin to customize it more specifically, such as allowing networking
only to specific nis/ldap servers instead of allowing all networking,
but has the disadvantage of requiring the system admin to read the docs
and actually perform the additional configuration.

I'm skeptical of option #1 as the network sandboxing is a security
feature, but also I'm pretty sure if we go with option #2 there will be
plenty more bugs opened due to admins missing that part of the local
system configuration.

Any opinions or other ideas on approaches?

-- 
https://bugs.launchpad.net/bugs/1934393

Title:
  systemd-logind network access is blocked, and breaks remote
  authentication configurations
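
The two options from the message above, written out as systemd drop-ins for comparison. This is an added example, not part of the original message or of any Ubuntu package; the file names and the 192.0.2.x server addresses are constructed placeholders, and it assumes the shipped units set `IPAddressDeny=any` together with a `RestrictAddressFamilies=` allow-list that lacks AF_INET/AF_INET6.

```ini
# Added example; file names and server addresses are constructed placeholders.
# Assumes the shipped unit sets IPAddressDeny=any and a RestrictAddressFamilies=
# allow-list limited to AF_UNIX and AF_NETLINK.

# --- Option 1: remove the network sandbox entirely ---
# /etc/systemd/system/systemd-logind.service.d/10-network.conf (hypothetical name)
[Service]
# An empty assignment resets the deny list inherited from the unit file.
IPAddressDeny=
# Additional assignments are merged into the existing allow-list.
RestrictAddressFamilies=AF_INET AF_INET6

# --- Option 2: keep the sandbox, allow only the nis/ldap servers ---
# /etc/systemd/system/systemd-logind.service.d/10-directory-servers.conf (hypothetical name)
[Service]
# IPAddressDeny=any stays in force; IPAddressAllow= entries take precedence over it.
# Only addresses and prefixes are accepted here, not host names.
IPAddressAllow=192.0.2.10 192.0.2.11
# IP sockets must still be permitted for lookups against those servers.
RestrictAddressFamilies=AF_INET AF_INET6
```

The same drop-in would be placed under `systemd-udevd.service.d/` for udevd and takes effect after `systemctl daemon-reload` and the next restart of the service. The effective values can be checked with `systemctl show systemd-logind -p IPAddressAllow -p IPAddressDeny -p RestrictAddressFamilies`.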
