On 18/07/17 14:48, Jaroslav Reznik wrote:
> The default profile set will contain the following profiles:
>
> Local users + SSSD -- local users and remote users are handled by sssd
> Local users + SSSD + Fingerprint -- same as above but also pam_fprintd
> is enabled
> Local users + winbind -- local users are handled by files and remote
> users by winbind
> Local users + winbind + Fingerprint -- same as above but also
> pam_fprintd is enabled
No "local only" profiles for people that don't need sssd?
What is the effect of this on configurations that haven't been using
sssd at all? Is everything going to suddenly start blocking/timing out
on being unable to talk to it?
This is actually advantageous, since the previous behavior was that all access to local users previously had to hit the disk (unless nscd was manually configured). If SSSD isn't responding, nsswitch will fail back to the old behavior fairly quickly.
Also, the authselect stuff *puts* the configuration into place. If you don't want your configuration to change, don't call authselect. (Even if you do, it will detect that you have a manual configuration and won't change anything unless you pass a "force" option).