[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: [atomic-devel] Adding SSSD client bits to Fedora Atomic Host
- From: Jan Pazdziora <jpazdziora redhat com>
- To: atomic-devel projectatomic io
- Subject: Re: [atomic-devel] Adding SSSD client bits to Fedora Atomic Host
- Date: Tue, 27 Oct 2015 11:51:23 +0100
On Mon, Oct 26, 2015 at 01:08:01PM +0100, Jan Pazdziora wrote:
>
> the SSSD container contains both the SSSD daemon and
> ipa-client-install and realmd for joining the Atomic Host to IPA or
> Active Directory.
>
> However, when used by commands on the Atomic Host, like by sshd or by
> sudo, some shared libraries are needed on the host so that the
> daemons/programs (that run on the host, outside of the container) can
> load them and talk to SSSD via Unix sockets or read the caches.
>
> I've identified the following libraries as needed for typical
> use-cases:
>
> /usr/lib64/libnss_sss.so.2
> /usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so
> /usr/lib64/libsss_sudo.so
> /usr/lib64/security/pam_sss.so
> /usr/lib64/security/pam_oddjob_mkhomedir.so
>
> What is the process of getting packages with these libraries (and
> their dependencies) added to Fedora Atomic Host ostree?
Specifically I believe the attached patch against
https://git.fedorahosted.org/cgit/fedora-atomic.git master branch
might be a good start.
It does not include sssd-common that carries /usr/lib64/libsss_sudo.so
to minimize the size footprint of this change. We hope to move that
shared library to sssd-client via
https://fedorahosted.org/sssd/ticket/2855
so the sudo integration will happen when that is done.
Once the master patch is merged (or acked), I plan to provide separate
patches for Fedora 22 and 23 branches.
If there's better way to propose patches or I'm totally of WRT where
the change should be, I'd appreciate the pointers.
Thank you,
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
>From f871a8c3f9ed5fcdcf2ec7d660b64ff2ffa4f687 Mon Sep 17 00:00:00 2001
From: Jan Pazdziora <jpazdziora redhat com>
Date: Tue, 27 Oct 2015 11:43:40 +0100
Subject: [PATCH] Adding sssd-client for PAM and NSS and oddjob-mkhomedir for
homedir population.
See:
- https://lists.projectatomic.io/projectatomic-archives/atomic-devel/2015-October/msg00055.html
---
fedora-atomic-docker-host.json | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fedora-atomic-docker-host.json b/fedora-atomic-docker-host.json
index ad9669b..c5fe6cf 100644
--- a/fedora-atomic-docker-host.json
+++ b/fedora-atomic-docker-host.json
@@ -23,7 +23,7 @@
"check-groups": { "type": "file", "filename": "group" },
"packages": ["atomic",
- "glibc", "nss-altfiles", "shadow-utils",
+ "glibc", "nss-altfiles", "shadow-utils", "sssd-client",
"fedora-release",
"dracut-config-generic", "kernel",
"dracut-network",
@@ -68,7 +68,8 @@
"kubernetes", "etcd",
"flannel",
"docker",
- "iscsi-initiator-utils"],
+ "iscsi-initiator-utils",
+ "oddjob-mkhomedir"],
"default_target": "multi-user.target",
--
2.4.3
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]