Stephen Gallagher wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Recently there has been a lot of activity in Trac surrounding our > support for invoking the legacy shadow-utils tools for managing legacy > files-based domains. This has raised some questions over the utility of > this feature. > > First of all, there is an unreasonable amount of code implemented to > handle the logic of determining into which domain we're attempting to > add a user. > > Secondly, the legacy local users (provider=files) is the only non-native > backend that we're providing any special handling for. I'm not sure I > see the utility in exerting so much effort supporting a configuration we > hope to be phasing out. > > So my proposal is to have the sss_* tools support only the native local > domain in the SSSD (provider=local). By extension, I also propose that > we mandate that a valid config must have exactly one provider=local > domain (it can hold whatever name the administrator desires, but it > should always be there). There should never be more than one, as that > doesn't really make sense and would similarly introduce the complexity > of adding users to the domains. > > In summary, I feel that the sssd commandline user and group tools should > manipulate only the SSSD native local users and groups, and all > configurations of the SSSD need to ensure that a native local domain is > present. > > Please raise questions and comments in reply to this message. > +1 And provide a tool to migrate legacy local users and groups to the local domain. > - -- > Stephen Gallagher > RHCE 804006346421761 > > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/ > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkqJpmEACgkQeiVVYja6o6OvHwCgpc6NLUlgj+jFHWTWbpMOj4e4 > ilwAn3xDugbXQv71sH14WcSK0PwCUEh2 > =6L5u > -----END PGP SIGNATURE----- > _______________________________________________ > sssd-devel mailing list > sssd-devel@lists.fedorahosted.org > https://fedorahosted.org/mailman/listinfo/sssd-devel > >
-- Jenny Galipeau <jgali...@redhat.com> Principal Software QA Engineer Red Hat, Inc. Security Engineering _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel