Hi Pavel, On 10/14/21 12:57 PM, Pavel Březina wrote: > On 10/13/21 3:17 PM, Michael Catanzaro wrote: >> On Wed, Oct 13 2021 at 10:22:14 AM +0200, Hans de Goede >> <hdego...@redhat.com> wrote: >>> Making what IMHO is a poor default of always using sssd everywhere >>> hardcoded even deeper into Fedora seems like a bad idea to me. >> >> I think we can fix this at the same time. Make authselect default to its >> minimal profile rather than its sssd profile, and make realmd responsible >> for running authselect to enable the sssd profile when it is required. I >> think realmd is already capable of installing the dependencies it needs when >> enabled, right? This way, most Fedora systems would no longer run sssd, but >> enabling enterprise login would not require manual configuration for those >> who need it. > > Minimal profile is really minimal and does not provide almost any flexibility > so imho it should not be used as a default. We could however create a new > profile e.g. "local". > > SSSD is default because it was serving local users as well. This in no longer > true since F35 [1], so there is certainly a possibility to switch the > default, if the community desires it and it is certainly beneficial to do it > together with this change. > > I don't see a strong reason to change the default profile. Local users go > through nss_files and pam_unix, if SSSD is not running it does not do > anything.
Sorry, I somehow completely missed the F35 change to make files the first entry in nssswitch.conf by default now. I see on the changes (1) page that SSSD now also no longer is started by default, that is great. Since SSSD already no longer runs by default, then I see no need for a special "local" profile. Thank you for your work on this! Regards, Hans 1) https://fedoraproject.org/wiki/Changes/FlexibleLocalUserCache _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
