Blame SOURCES/9003-rhel9-sssd-default-to-files-first-for-users-and-grou.patch

From 9fc2d8061c811c4522484f4cb62a2025fe9282b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Thu, 18 Feb 2021 13:38:53 +0100
Subject: [PATCH 3/3] rhel9: sssd: default to files first for users and groups
The passwd and group databases will now default to files first.
The order "sss files" can be enabled with "with-files-provider"
feature.
---
 profiles/sssd/README        | 5 +++++
 profiles/sssd/REQUIREMENTS  | 4 ++++
 profiles/sssd/nsswitch.conf | 4 ++--
 3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/profiles/sssd/README b/profiles/sssd/README
index ac063e8d065d0488279dc2381bdd7f8ac361bfcb..699d490b90710a53c3959f196b9ef435149a4bd0 100644
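--- a/profiles/sssd/README
+++ b/profiles/sssd/README
@@ -76,6 +76,11 @@ with-sudo::
 with-pamaccess::
     Check access.conf during account authorization.
 
+with-files-domain::
+    If set, SSSD will be contacted before "files" when resolving users and
+    groups. The order in nsswitch.conf will be set to "sss files" instead of
+    "files sss" for passwd and group maps.
+
 with-files-access-provider::
     If set, account management for local users is handled also by pam_sss. This
     is needed if there is an explicitly configured domain with id_provider=files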
diff --git a/profiles/sssd/REQUIREMENTS b/profiles/sssd/REQUIREMENTS
index cbffac54bbd2598c2a53cd3014ebeb271dad9c57..ba3b3bd0fa143c3cc74d00faaf6ff94a2b4aaf84 100644
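--- a/profiles/sssd/REQUIREMENTS
+++ b/profiles/sssd/REQUIREMENTS
@@ -14,3 +14,7 @@ Make sure that SSSD service is configured and enabled. See SSSD documentation fo
 - with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module                       {include if "with-mkhomedir"}
   is present and oddjobd service is enabled and active                                    {include if "with-mkhomedir"}
   - systemctl enable --now oddjobd.service                                                {include if "with-mkhomedir"}
+                                                                                          {include if "with-files-domain"}
+- with-files-domain is selected, make sure the files provider is enabled in SSSD          {include if "with-files-domain"}
+  - set enable_files_domain=true in [sssd] section of /etc/sssd/sssd.conf                 {include if "with-files-domain"}
+  - or create a custom domain with id_provider=files                                      {include if "with-files-domain"}
\ No newline at end of file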
diff --git a/profiles/sssd/nsswitch.conf b/profiles/sssd/nsswitch.conf
index 9734bbbe68e7cf73a4a560e3573162d353e551e8..91c9fe9ef60fde07d55269247c885db0f738c776 100644
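--- a/profiles/sssd/nsswitch.conf
+++ b/profiles/sssd/nsswitch.conf
@@ -1,5 +1,5 @@
-passwd:     sss files systemd   {exclude if "with-custom-passwd"}
-group:      sss files systemd   {exclude if "with-custom-group"}
+passwd:     {if "with-files-domain":sss files|files sss} systemd   {exclude if "with-custom-passwd"}
+group:      {if "with-files-domain":sss files|files sss} systemd   {exclude if "with-custom-group"}
 netgroup:   sss files           {exclude if "with-custom-netgroup"}
 automount:  sss files           {exclude if "with-custom-automount"}
 services:   sss files           {exclude if "with-custom-services"}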
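Review bot: The new passwd and group lines test the feature "with-files-domain", but the commit message names it "with-files-provider", a name that appears nowhere else in this patch; an admin who selects the name from the message would presumably keep the default `files sss` order without noticing. The order is security-relevant because it decides which source answers first when a local account and a directory account share a name or ID. The REQUIREMENTS text only reminds the admin to enable the files domain and nothing in the template enforces it, so the README entry for the feature should state the consequence, for example `Without enable_files_domain=true or a domain with id_provider=files, local users and groups are resolved only after SSSD has been queried.` The netgroup, automount and services maps keep `sss files` unconditionally; a one-line remark in the README that the feature affects only passwd and group ordering would make that explicit.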
-- 
2.29.2