authconfig is still failing on first run if sssd is not enabled, and Kerberos is #40

nkadel-skyhook · 2016-10-31T17:10:56Z

When LDAP is not enabled, and Kerberos, the sssd.conf file is being updated with Kerberos configurations. But the sssd daemon should not, and on CentOS 6 and 7 cannot run. So the first chef run enabling Kerberos fails because of an attempt to restart sssd, which is a disabled daemon due to the other settings made by authconfig.

You and I have discussed this before: it's still a confusing bug to most. Running chef twice because that ignores broken operations under the first run is not a good approach to configuring security related software.

jcam · 2016-10-31T19:04:56Z

agreed, not a good approach at all.
I'm waiting for @Sauraus who already went to the trouble of merging a few of the different PRs that add 7 support, fix some of these bugs, etc... he's testing it now. Maybe he has his version available somewhere and we can all get to testing it...
#35

Sauraus · 2017-01-13T17:16:14Z

I believe this P4 solves the CentOS 7 & ldap problem because I have the very same setup: #41

jcam · 2017-03-21T23:53:25Z

merged #41 which should resolve this

jcam · 2017-04-03T18:53:52Z

i'm seeing weird issues with nslcd in this version.. hmm...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

authconfig is still failing on first run if sssd is not enabled, and Kerberos is #40

authconfig is still failing on first run if sssd is not enabled, and Kerberos is #40

nkadel-skyhook commented Oct 31, 2016

jcam commented Oct 31, 2016

Sauraus commented Jan 13, 2017

jcam commented Mar 21, 2017

jcam commented Apr 3, 2017

authconfig is still failing on first run if sssd is not enabled, and Kerberos is #40

authconfig is still failing on first run if sssd is not enabled, and Kerberos is #40

Comments

nkadel-skyhook commented Oct 31, 2016

jcam commented Oct 31, 2016

Sauraus commented Jan 13, 2017

jcam commented Mar 21, 2017

jcam commented Apr 3, 2017