8b0f359 Allow ipaapi user to access SSSD's info pipe

Authored and Committed by cheimes 2 years ago
    Allow ipaapi user to access SSSD's info pipe
    
    For smart card authentication, ipaapi must be able to access to sss-ifp.
    During installation and upgrade, the ipaapi user is now added to
    [ifp]allowed_uids.
    
    The commit also fixes two related issues:
    
    * The server upgrade code now enables ifp service in sssd.conf. The
      existing code modified sssd.conf but never wrote the changes to disk.
    * sssd_enable_service() no longer fails after it has detected an
      unrecognized service.
    
    Fixes: https://pagure.io/freeipa/issue/7751
    Signed-off-by: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    
        
file modified
+34 -7