Hi, I couldn't find any information about which OSes can run sssd 2.x package. The only mention about "platform" I found in sssd-2.0.0 release notes: "Starting with SSSD 2.0, upstream no longer supports RHEL-6 and its derivatives". I have Oracle Linux 7 so I think this note implies that at least RHEL7 (and OL7) would be supported platform for sssd2.x But OL7 repository has only sssd-1.16.5 package included. So I tried to build sssd2.8 on my own from sources directly on OL7 machine, but compilation fails (after resolving all dependencies) because of missing struct members in declarations in krb5/clpreauth_plugin.h. Those declarations come from "krb5-devel" package on OL7 repo and appear to be incompatible with sssd2.x sources.
Does this mean that sssd2 is incompatible with OL7 and there is no way to make it work on this platform?
Hi,
On Tue, Mar 14, 2023 at 2:26 PM Roman Annenko annenkor@gmail.com wrote:
Hi, I couldn't find any information about which OSes can run sssd 2.x package.
It's up to the downstream package maintainer of specific distributions.
The only mention about "platform" I found in sssd-2.0.0 release notes: "Starting with SSSD 2.0, upstream no longer supports RHEL-6 and its derivatives". I have Oracle Linux 7 so I think this note implies that at least RHEL7 (and OL7) would be supported platform for sssd2.x But OL7 repository has only sssd-1.16.5 package included. So I tried to build sssd2.8 on my own from sources directly on OL7 machine, but compilation fails (after resolving all dependencies) because of missing struct members in declarations in krb5/clpreauth_plugin.h. Those declarations come from "krb5-devel" package on OL7 repo and appear to be incompatible with sssd2.x sources.
Does this mean that sssd2 is incompatible with OL7 and there is no way to make it work on this platform?
As you can see, it requires some patching. No idea how extensive. You could also try luck with previous 2.x releases, but not sure if it makes sense for you.
On (14/03/23 17:19), Alexey Tikhonov wrote:
Hi,
On Tue, Mar 14, 2023 at 2:26 PM Roman Annenko annenkor@gmail.com wrote:
Hi, I couldn't find any information about which OSes can run sssd 2.x package.
It's up to the downstream package maintainer of specific distributions.
Which version are tested/recommended by upstream for 2.8 ?
LS
On Tue, Mar 14, 2023 at 10:05 PM Lukas Slebodnik lslebodn@redhat.com wrote:
On (14/03/23 17:19), Alexey Tikhonov wrote:
Hi,
On Tue, Mar 14, 2023 at 2:26 PM Roman Annenko annenkor@gmail.com wrote:
Hi, I couldn't find any information about which OSes can run sssd 2.x package.
It's up to the downstream package maintainer of specific distributions.
Which version are tested/recommended by upstream for 2.8 ?
Upstream PR CI currently runs on Fedora 36..Rawhide, CentOS Streams 8/9 and latest Debian. Besides, different versions of Ubuntu, OpenSUSE, Gentoo and others package SSSD, but we don't test on all those platforms.
I succeeded with building 2.6.3 release. The offending feature which breaks building is "krb5 plugin idp" which comes in the next releases. The code in module src/krb5_plugin/idp/idp_clpreauth.h accesses the struct member disable_fallback() which is missing in declarations that come from "krb5-devel" package for OL7.
On Thu, Mar 16, 2023 at 9:07 AM Roman Annenko annenkor@gmail.com wrote:
I succeeded with building 2.6.3 release. The offending feature which breaks building is "krb5 plugin idp" which comes in the next releases. The code in module src/krb5_plugin/idp/idp_clpreauth.h accesses the struct member disable_fallback() which is missing in declarations that come from "krb5-devel" package for OL7.
There is no ./configure switch to disable building of sssd-idp (but there is for related bit - 'oidc_child'). You could probably take the latest release and just delete `sssd_krb5_idp_plugin`-related stuff from Makefile.am. This will exclude building of bits required for external IdP support, but still better than 2.6
Thanks for suggestion. I've tried --without-oidc_child it didn't help. Tried also to comment out the call to disable_fallback() to check if I can go further - and got lots errors from certmap/* modules (maybe certmap can also be disabled with switch but I still didnt check). Suspect that making work 2.8 will not be an easy task.
sssd-users@lists.fedorahosted.org
-
Alexey Tikhonov -
Lukas Slebodnik -
Roman Annenko