#53: Backporting addition of SSSD client bits to Fedora 23 base docker image
-----------------------------+---------------------
Reporter: adelton | Owner: kanarip
Type: task | Status: new
Priority: major | Milestone:
Component: kickstart pool | Keywords:
Blocked By: | Blocking:
-----------------------------+---------------------
= phenomenon =
Hello,
we are working on SSSD container for Atomic Host:
https://lists.projectatomic.io/projectatomic-archives/atomic-
devel/2015-September/msg00086.html
It allows SSSD (the daemon) plus the configuration tools (ipa-client-
install, realm) to be in container but for other container to be able to
use it for resolution of user identities or authentication, NSS and PAM
libraries that would be able to talk to the SSSD container via Unix
sockets are needed.
= background analysis =
The libraries that I consider essential are
/usr/lib64/libnss_sss.so.2
/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so
/usr/lib64/security/pam_sss.so
The package that contains them is sssd-client and it has two dependencies,
libsss_idmap and libsss_nss_idmap. The total size as reported by dnf in a
fedora:22 container is
Total download size: 284 k Installed size: 336 k
= implementation recommendation =
The sssd-client was added to master via
https://fedorahosted.org/spin-kickstarts/ticket/50
and commit ee22a9c00c250e6b141094dfadc6a45a1ec7f7b2.
Could we have that change backported to Fedora 23 base docker image as
well.
Running
git cherry-pick -x ee22a9c00c250e6b141094dfadc6a45a1ec7f7b2
in the f23 branch should do the trick.
--
Ticket URL: <
https://fedorahosted.org/spin-kickstarts/ticket/53>
spin-kickstarts <
https://fedorahosted.org/spin-kickstarts/>
Kickstarts that the Spin SIG reviews, tests, maintains and releases (as a package).