Learn more about these different git repos.
Other Git URLs
https://bugzilla.redhat.com/show_bug.cgi?id=821894 (Red Hat Enterprise Linux 6)
Description of problem: Currently in SSSD when you want to use only an id_provider and don't want to use an auth_provider for a certain backend (for example NIS) you will need to create an empty proxy_pam_target file. This is needed because if you leave the auth_provider empty (because you aren ot using one) SSSD will assume the same value applies as is used for id_provider and you are required to enter a value for proxy_pam_target for SSSD to start up correctly. Version-Release number of selected component (if applicable): sssd-1.5.1-66.el6_2.3.x86_64 How reproducible: Configure SSSD to use a backend that only requires an id_provider and leave the auth_provider empty. Steps to Reproduce: 1. Configure SSSD as follows: [sssd] config_file_version = 2 services = nss, pam domains = lab [nss] filter_groups = root filter_users = root reconnection_retries = 3 entry_cache_timeout = 300 entry_cache_nowait_percentage = 75 pwfield = x [pam] [domain/lab] id_provider = proxy proxy_lib_name = nis Note: there is no proxy_pam_target directive 2. Start up SSSD, you will see the following error: (Tue May 15 16:06:14 2012) [sssd[be[lab]]] [load_backend_module] (7): Loading backend [proxy] with path [/usr/lib64/sssd/libsss_proxy.so]. (Tue May 15 16:06:14 2012) [sssd[be[lab]]] [load_backend_module] (5): no module name found in confdb, using [proxy]. (Tue May 15 16:06:14 2012) [sssd[be[lab]]] [load_backend_module] (7): Backend [proxy] already loaded. (Tue May 15 16:06:14 2012) [sssd[be[lab]]] [sssm_proxy_auth_init] (1): Missing option proxy_pam_target. (Tue May 15 16:06:14 2012) [sssd[be[lab]]] [load_backend_module] (0): Error (22) in module (proxy) initialization (sssm_proxy_auth_init)! (Tue May 15 16:06:14 2012) [sssd[be[lab]]] [be_process_init] (0): fatal error initializing data providers (Tue May 15 16:06:14 2012) [sssd[be[lab]]] [main] (0): Could not initialize backend [22] 3. SSSD now does not function. 4. Now add proxy_pam_target to the lab domain: [domain/lab] id_provider = proxy proxy_lib_name = nis proxy_pam_target = sss_lab 5. Create an empty file /etc/pam.d/sss_lab 6. Start SSSD, you will see it start properly. Actual results: SSSD starts but "fake" configuration directives are needed to get it to start. Expected results: You can configure SSSD to not use an auth_provider so that it is clear from the configuration file no auth_provider is used. Additional info:
Fields changed
blockedby: => blocking: => coverity: => feature_milestone: => keywords: => easyfix milestone: NEEDS_TRIAGE => SSSD Deferred tests: => 0 testsupdated: => 0 upgrade: => 0
Ariel found out that the requested behaviour seems to have been already implemented.
From data_provider_be.c:
1882 if (strcasecmp(mod_name, NO_PROVIDER) == 0) { 1883 ret = ENOENT; 1884 goto done; 1885 }
Moving back to NEEDS_TRIAGE mostly because of the associated RHBZ.
milestone: SSSD Deferred => NEEDS_TRIAGE
milestone: NEEDS_TRIAGE => SSSD 1.11 beta
proposed_priority: => Optional
Closing as WORKSFORME. The original bug was that the user was assuming that unspecified == none, which is not the case. I will update the BZ as well.
resolution: => worksforme status: new => closed
This ticket has been evaluated for inclusion into SSSD 1.10 release and was decided to be excluded since it does not match the main goals and themes of the release. It might be considered for later releases.
milestone: SSSD 1.11 beta => SSSD 1.12 beta
Metadata Update from @sgallagh: - Issue set to the milestone: SSSD 1.14 beta
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2381
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.