On Thu, 27 May 2010 17:18:29 -0400 Dmitri Pal <d...@redhat.com> wrote:
> Petter Reinholdtsen wrote: > > At the moment, if sssd is given the example sssd.conf file, sssd > > reuses to start. In Debian and Ubuntu, the example sssd.conf file > > is patched like this and installed in /etc/sssd/sssd.conf to make > > sure the sssd package get an operational daemon when the package is > > installed. > > > > > > I wonder what is the current behavior when there are no back ends > configured. With no domains configured sssd does not start. > Having the local domain being the default IMO sends a wrong message. > I think if there are no domains configured the SSSD should return the > code that will instruct NSS to fail over to the next NSS module in the > chain. If sssd is shut off nss_sss simply returns and the nest module (if any) in the chain is normally processd of course. > Same with the PAM. Same with PAM of course. > So instead of making SSSD be configured to use local domain by default > the solution IMO should be: > * Configure SSSD to use real domain (this is what SSSD is for) > * Configure PAM and NSS config files using legacy methods to take over > if SSSD indicates that it is not configured. > > Thoughts? Petter was talking about a default configuration before the user configures sssd. Configuring pam and nss to always point at sss modules is ok, they cope with an sssd not running just fine. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel