It's been a while but... quite a lot of work has been done:
Upcoming sssd-2.10 should be capable of running in an unprivileged container without user-ns support (i.e. still OCP, but Kubernetes already has this feature).
I could also build a general purpose SSSD container image, but I would need to understand requirements / typical use cases and see an interest / demand for this.
Very impressive work!
Not sure if there could be a use case for a *generic* container. At least in my use case we add client applications inside the same container
Is this a "single UID" container (i.e. SSSD and client apps run under the same UID within container namespace)?
What do you use as an entry point of the container / how do you manage (start of) multiple processes?
What authentication means do you use?
If this is Kerberos, does your app use TGT acquired during authentication?
, which makes it non-generic. But surely it would be of great value to have an *example* on how to configure and run sssd within a non-root container for this kind of purpose.
--
Tero