On Thu, Feb 15, 2018 at 4:47 PM, Jakub Hrozek via FreeIPA-devel
<freeipa-devel(a)lists.fedorahosted.org> wrote:
> On Thu, Feb 15, 2018 at 08:57:55AM -0500, Rob Crittenden via FreeIPA-devel wrote:
>> Alexander Koksharov via FreeIPA-devel wrote:
>>> Hello,
>>>
>>> Please take a look on a design page here:
>>>
https://www.freeipa.org/page/V4/Authselect_migration
>>> I would like to
>>>
>>> hear you critics and suggessions.
>>
>>
>> On a non-technical note there are a number of spelling and grammatical
>> errors.
>>
>> You assert that non-SSSD is deprecated. Is that true? And is that
>> because authselect is choosing not to support it?
>
> Yes.
>
>> I'm ok with it and it
>> simplifies options a lot but I don't recall a conversation about that
>> before now. This is particularly important for in-place upgrades.
>
> What kind of a setup has non-SSSD clients? SSSD has been the default
> since RHEL-6 and I even thought the IPA installer dropped support for
> non-SSSD clients, but I haven't really checked.
--no-sssd option in ipa-client-install was marked as deprecated in
https://github.com/freeipa/freeipa/pull/848 (summer 2017). As part of
https://pagure.io/freeipa/issue/5860 - spin of
https://pagure.io/freeipa/issue/5557. Origin was that IPA client
doesn't bring dependencies for --no-sssd.
I.e. the deprecation is quite new.
Installation without SSSD is AFAIK not tested upstream.
Bleh. Documenting ONLY in the command-line? Not even the man page?
The RHEL docs don't mention --no-sssd at all apparently so there's that.
There seems to be no consideration of someone who installed with
--no-sssd in a supported version and has since upgraded.
I'm not advocating for --no-sssd but there was a real use-case when it
was introduced. It is likely not the case now but there may still be
corner cases.
rob