On 02/15/2018 05:15 PM, Jakub Hrozek via FreeIPA-devel wrote:
On Thu, Feb 15, 2018 at 11:10:16AM -0500, Rob Crittenden via FreeIPA-devel
wrote:
Petr Vobornik via FreeIPA-devel wrote:
On Thu, Feb 15, 2018 at 4:47 PM, Jakub Hrozek via FreeIPA-devel
<freeipa-devel@lists.fedorahosted.org> wrote:
On Thu, Feb 15, 2018 at 08:57:55AM -0500, Rob Crittenden via FreeIPA-devel
wrote:
Alexander Koksharov via FreeIPA-devel wrote:
Hello,
Please take a look on a design page here:
https://www.freeipa.org/page/V4/Authselect_migration
I would like to
hear you critics and suggessions.
On a non-technical note there are a number of spelling and grammatical
errors.
You assert that non-SSSD is deprecated. Is that true? And is that
because authselect is choosing not to support it?
Yes.
I'm ok with it and it
simplifies options a lot but I don't recall a conversation about that
before now. This is particularly important for in-place upgrades.
What kind of a setup has non-SSSD clients? SSSD has been the default
since RHEL-6 and I even thought the IPA installer dropped support for
non-SSSD clients, but I haven't really checked.
--no-sssd option in ipa-client-install was marked as deprecated in
https://github.com/freeipa/freeipa/pull/848 (summer 2017). As part of
https://pagure.io/freeipa/issue/5860 - spin of
https://pagure.io/freeipa/issue/5557. Origin was that IPA client
doesn't bring dependencies for --no-sssd.
I.e. the deprecation is quite new.
Installation without SSSD is AFAIK not tested upstream.
Bleh. Documenting ONLY in the command-line? Not even the man page?
The RHEL docs don't mention --no-sssd at all apparently so there's that.
There seems to be no consideration of someone who installed with
--no-sssd in a supported version and has since upgraded.
I'm not advocating for --no-sssd but there was a real use-case when it
was introduced. It is likely not the case now but there may still be
corner cases.
Pavel, can you remind me what the upgrade plan was for authselect? Was
it simply 'don't touch the system' ?
Upgraded systems will not be touched.
I need to bring up a discussion about how to package this change
properly, but now there is authselect-compat (obsoletes authconfig)
which provides /sbin/authconfig. If it is run after upgrade, authselect
will be used. But otherwise the configuration will not be touched.
Does IPA call auth{select,config} during upgrades at all?
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
