On 02/26/2018 05:08 PM, Martin Kosek wrote:
> Because I do not know any platform/distribution which has freeipa-client
> and does not have sssd.
I see, thanks for info.
Reading this, I would be quite fine with removing all the --no-sssd
functionality from client installer and leaving people who want to
configure FreeIPA with nss-pam-ldapd for manual configuration. We have
some ipa-advise plugins for configuring nss-pam-ldapd "authconfig-free"
code already anyway.
Seeing the updates in design and
https://github.com/freeipa/freeipa/pull/1603
I also wonder - do we want to do anything with --noac option:
    --noac      do not modify the nsswitch.conf and PAM configuration
Does the option actually work/is tested? To me, it sounds similar to
--no-sssd options, i.e. something that is not used and likely does not work.
In case we want to retain it, I would at least rename it (ac =
authconfig) and state properly what its intent is, why would anyone want
to turn it on, something like
    --no-pam    do not make changes in PAM stack
But at least in Fedora this may not make any difference if SSSD is
enabled by default as it serves local users already.
Martin