On 02/26/2018 01:16 PM, Lukas Slebodnik wrote:
On (23/02/18 13:08), Martin Kosek via FreeIPA-devel wrote:
> On 02/21/2018 03:39 PM, Rob Crittenden via FreeIPA-devel wrote:
>>>> - install client
>>>> a) if we replace rpm dependancy on authconfig with aushselect we can
>>>> go only this way: new installations done with authselect. if --no-sssd
>>>> option is provided, then fail.
>>> --no-sssd option is already deprecated and should not be used, you don't
>>> have to think about that scenario. You can therefore go the a) way and
>>> remove the option as a whole so that you can be sure it won't fiddle
>>> with new installations.
>> I can't seem to find anywhere that this deprecation was announced or
>> discussed other than the ticket and commit,
>> dfc271fdf4514481c11c342fabda135feeb44de6.
>>
>> Did anyone ask users, or anyone, if they use this option?
>>
>> In any case it isn't even clear that the option *is* deprecated. It just
>> doesn't show as an option to ipa-client -install (hiding is not
>> deprecating).
>>
>> IMHO to properly deprecate something it should yell loudly whenever
>> invoked with a dire warning that it will disappear in the future.
>
> This mostly seems as a review feedback that could have come in
>
https://pagure.io/freeipa/issue/5860
> but did not. But it does not change anything on the fact that the option
> is deprecated.
>
>> There is also no man page mention of deprecation, in fact the option is
>> still there.
>>
>> So even if the deprecation is fine and considered, removing the option
>> completely has had no visible discussion.
>
> Let's discuss it then. From Fedora/RHEL point of view, I do not see big
> value in spending much time in maintaining, supporting or developing
> non-SSSD scenarios. Fedora itself does not support these scenarios any
> more, after the authselect Fedora change. These very corner cases are
> left for manual administrator configuration.
>
> The non-SSSD work and code should be left to FreeIPA platform code, for
> platforms that do not use or want to use SSSD.
Which platform do you have in mind?
I did not have any specific Platform in mind in this case. I am not
aware of platform that has freeipa-client and does not have SSSD.
Because I do not know any platform/distribution which has
freeipa-client
and does not have sssd.
I see, thanks for info.
Reading this, I would be quite fine with removing all the --no-sssd
functionality from client installer and leaving people who want to
configure FreeIPA with nss-pam-ldapd for manual configuration. We have
some ipa-advise plugins for configuring nss-pam-ldapd "authconfig-free"
code already anyway.
Martin