#3590 proxy to files does not work with implicit_files_domain
Closed: Fixed 2 years ago Opened 2 years ago by lslebodn.

Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 1479283

Description of problem:

Please, update blog post:
https://jhrozek.wordpress.com/2015/07/17/get-rid-of-calling-manually-calling-kinit-with-sssds-help/

I upgraded from F25 to F26 and I needed a workaround for automatic kinit after
login.

Version-Release number of selected component (if applicable):
sssd-1.15.2

My workaround:

If you have the same name of your local user as your kerberos user,
you can use this configuration of SSSD to reach automatic `kinit` during
the login process.

$ cat /etc/sssd/sssd.conf
[sssd]
domains = redhat.com
config_file_version = 2
services = nss,pam,ifp
default_domain_suffix = redhat.com

[ifp]
#debug_level = 10

[domain/redhat.com]
id_provider = proxy
proxy_lib_name = files

auth_provider = krb5
krb5_server = kerberos01.core.prod.int.ams2.redhat.com:88
krb5_realm = REDHAT.COM
krb5_store_password_if_offline = True

cache_credentials = True

Setup pam stack:
$ authconfig --enablenis --enablesssd --enablesssdauth --update

And reset SSSD:
$ systemctl restart sssd


When Lukas Slebodnik asked me to create this BZ, he wanted to see:
$ cat /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:      files nis sss systemd
shadow:     files nis sss
group:       files nis sss systemd
#initgroups: files

#hosts:     db files nisplus nis dns
hosts:      files mdns4_minimal [NOTFOUND=return] nis dns myhostname

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   files nis sss

publickey:  nisplus

automount:  files nis sss
aliases:    files nisplus

Metadata Update from @lslebodn:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1479283

2 years ago

Metadata Update from @lslebodn:
- Issue set to the milestone: None

2 years ago

Metadata Update from @lslebodn:
- Issue tagged with: PR

2 years ago

Metadata Update from @lslebodn:
- Custom field version adjusted to 1.15.1

2 years ago

Metadata Update from @lslebodn:
- Issue close_status updated to: Fixed
- Issue set to the milestone: SSSD 1.16.1

2 years ago
