Ok, got it.
BTW - is there a plan to support this feature for IPA domain as well?
O.
I am not aware of a specific plan, I do not think we even have a SSSD ticket.
Please file a bug/ticket if you need this feature.
In general, we did not see that part as pressing as the AD keytab one, as there
are no functional implications on IPA side when the keytab is not rotated. With
AD, things may break under certain settings, so that was the first priority.
With SSSD&FreeIPA, you can also rotate the keytab with cron+ipa-getkeytab combo
until we have such feature.
HTH,
Martin
-----Original Message-----
From: Sumit Bose [mailto:sbose@redhat.com]
Sent: Wednesday, May 25, 2016 11:58 AM
To: sssd-users(a)lists.fedorahosted.org
Subject: [SSSD-users] Re: SSSD in RHEL 6.8
On Wed, May 25, 2016 at 09:51:35AM +0000, Ondrej Valousek wrote:
> Did not have it installed - why isn't dependancy on it in sssd rpm
> package? It's only 100Kb package, no big deal :-) It is working now, thanks -
will monitor FD leaks.
Since this is an option feature, it can be disabled in sssd.conf, it should be possible
to remove the adcli package if not needed. If it is a dependency in the rpm package it
would not be easy to remove it with some package managers.
The patches for the ticket below should make SSSD behave better if adcli is not available
by automatically disabling the keytab renewal and a log message asking to install it with
this feature is needed.
HTH
bye,
Sumit
>
> Ondrej
>
> -----Original Message-----
> From: Jakub Hrozek [mailto:jhrozek@redhat.com]
> Sent: Wednesday, May 25, 2016 10:51 AM
> To: sssd-users(a)lists.fedorahosted.org
> Subject: [SSSD-users] Re: SSSD in RHEL 6.8
>
> On Wed, May 25, 2016 at 10:47:25AM +0200, Lukas Slebodnik wrote:
>> On (25/05/16 08:40), Ondrej Valousek wrote:
>>> Ok, this is probably important:
>>> (Wed May 25 10:12:58 2016) [sssd[be[default]]]
[ad_machine_account_password_renewal_send] (0x0020): Could not exec renewal child: [2][No
such file or directory].
>>>
>> Do you have installed adcli on you machine?
>
> Please be aware of:
>
https://fedorahosted.org/sssd/ticket/3017
> and:
>
https://fedorahosted.org/sssd/ticket/3016
>
> These bugs have either fixes upstream or on review on the sssd-devel list and I would
like them to be fixed in the next RHEL-6.8 update as well..
> _______________________________________________
> sssd-users mailing list
> sssd-users(a)lists.fedorahosted.org
>
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahost
>
ed.org
>
> -----
>
> The information contained in this e-mail and in any attachments is confidential and
is designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and
Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office:
South County Business Park, Leopardstown, Dublin 18.
> _______________________________________________
> sssd-users mailing list
> sssd-users(a)lists.fedorahosted.org
>
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahost
>
ed.org
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org
-----
The information contained in this e-mail and in any attachments is confidential and is
designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and
Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office:
South County Business Park, Leopardstown, Dublin 18.
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org