Mathieu Baudier kirjoitti 21.4.2023 klo 10.45:
Okay, so it got added to sssd due to
https://github.com/SSSD/sssd/issues/5893
so I wonder if ipa should stop doing the same, and remove the line
from
krb5.conf on upgrade.
Seems this is filed upstream already at
https://pagure.io/freeipa/issue/9267
but no fix available yet, so it needs to be fixed downstream first.
Ok, I had missed that it was already filed upstream.
Actually, the issue also occurs on RHEL 9.
I am well set up to test a patched Debian package if it can be helpful.
As I described in the original bug report above, the workaround is
either to delete /etc/krb5.conf.d/enable_sssd_conf_dir or to comment
the includedir line out.
It could be more robust to patch it at this level since
/etc/krb5.conf.d/enable_sssd_conf_dir is a static file, while
/etc/krb5.conf is modified by ipa-client-install. But on the long run,
the upstream fix will probably be at IPA level as you suggested, so
maybe it is safer to keep a patch there, and not to impact sssd.
Yes, the change should be in freeipa, sssd needs that for other use
cases where ipa is not involved.
--
t
