On pe, 16 helmi 2018, Petr Vobornik wrote:
On Fri, Feb 16, 2018 at 11:25 AM, Alexander Bokovoy via FreeIPA-devel
<freeipa-devel@lists.fedorahosted.org> wrote:
On pe, 16 helmi 2018, Alexander Koksharov via FreeIPA-devel wrote:
Would it be good to implement the change like this:
if authconfig is available then
use current flow
else
if authselect is available and not no-sssd then
use authselect to activate sssd profile
else
raise Error
done
done
Sounds good to me.
Petr, Jakub?
For default use case (with sssd), when both authselect and authconfig
are available it will use authconfing. Do we want that? Isn't the
purpose of authselect to provide better tested config.
If I understood ab yesterday correctly it was more about changing
current algorithm not changing the algorithm to not disturb the flow.
Current algo is:
authconfig --nisdomain=<domain>
if (sssd) then
authconfig --enablesssd
authconfig --enablesssdauth
else
authconfig --enableldap
authconfig --enableforcelegacy
authconfig --enablekrb5
authconfig --nostart
done
if (mkhomedir) then
authconfing --mkhomedir
done
so the change is more like:
set nisdomain in platform default way (directly or using authconfig)
if (sssd) then
do platform default (authselect or authconfig)
else:
raise if not authconfig
authconfig --enableldap
authconfig --enableforcelegacy
authconfig --enablekrb5
authconfig --nostart.
done
if (mkhomedir) then
platform default (authconfing | authselect)
done
I.e. prefer authselect in individual steps, then try authconfig.
Right, it is anyway a task for the platform implementation what to
prefer.
I want to note, though, we do not run these "separate" authconfig calls.
Instead, we gather them into a single call. So the logic flow above is
not reflecting the actual call flow.
--
/ Alexander Bokovoy
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
