#904 Create tool to seed a user for first-boot
Closed: Fixed None Opened 8 years ago by simo.

Some distributions will not activate the network interface until the user has logged in. This causes a chicken-egg problem as the user will not be available to the system until the machine fetches it at least once from the network.

We need to provide a tool that can be run at kickstart time or manually by an admin when a machine is being installed that allows fetching all user data needed for a login [initgroups(username) will suffice] and setting a pre-cached password so that at first boot the user will be allowed to login.


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.7.0

We also need to consider the cloud use case when an instance is started in the cloud and the cloud does not have direct connectivity to the enterprise IPA/AD. In this case VPN should be started first but to start a VPN (for now manually) one needs to log into the machine first. To log into the VM you need the central identities pre-cached.

The suggestion is to have a tool that would allow one to grind the pre-cached LDB with the specified accounts and related groups and deliver this file via a config server. Such a file can be created on the server side and then passed in instead of constructing it on the client side inside the VM from different parts using a client side tool.

You can tell gdm greeter to display a user account (if the user is valid and ldap works and/or pre-seed is done) by adding to /etc/gdm/custom.conf:
Include=user1,user2,user3 (comma delimited)
Invalid users will not display. Valid users will display realname/gecos field properly in GDM greeter even if he or she has not logged in yet. Results are only visible after a full reboot.

If you don't do this step, the user must click "Other" and then type in his or her username manually and attempt to log in.

When creating this tool, it would be very handy to add an option to tweak the GDM custom config for this purpose.

component: SSSD => sss_tools

This is out of scope of the 1.8 release.

milestone: SSSD 1.8.0 => SSSD 1.9.0
rhbz: =>

"Nice to have" for 1.9.

blockedby: =>
blocking: =>

Fields changed

feature_milestone: =>
milestone: SSSD 1.9.0 => SSSD 1.10 beta

Fields changed

milestone: SSSD 1.10 beta => SSSD 1.9.0 beta 3

Nick has been working on this and already sent a patch.

owner: somebody => nguay
patch: 0 => 1

Fields changed

milestone: SSSD 1.9.0 beta 6 => SSSD 1.9.0 beta 7

Master: 6ea6ec5

milestone: SSSD 1.9.0 beta 7 => SSSD 1.9.0 beta 6
resolution: => fixed
status: new => closed

Metadata Update from @simo:
- Issue assigned to nguay
- Issue set to the milestone: SSSD 1.9.0 beta 6

2 years ago
