Bug 282469
| Summary: | security/sssd2: Let krb5_store_password_if_offline feature work without procfs | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Mark Johnston <markj> | ||||
| Component: | Individual Port(s) | Assignee: | John Hixson <jhixson> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Only Me | CC: | 0mp, arrowd | ||||
| Priority: | --- | Flags: | jhixson:
maintainer-feedback+
|
||||
| Version: | Latest | ||||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
The code looks good to me and I tested it with our local AD domain. I don't really remember what action highlighted this problem initially, but at least nothing gets broken by this change. (In reply to Gleb Popov from comment #1) Thanks for testing. The problem was triggered by having krb5_store_password_if_offline=yes set in the sssd2 configuration, and starting sssd2 with some krb provider configured. In particular, this should now work without procfs mounted. > krb5_store_password_if_offline=yes set in the sssd2 configuration, and starting sssd2 with some krb provider configured.
That was exactly the context I was testing in.
Looks good to me. I'll get it committed this week. Thanks! A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=f53142e16976397a188f1d44ec743926b34feeb8 commit f53142e16976397a188f1d44ec743926b34feeb8 Author: John Hixson <jhixson@FreeBSD.org> AuthorDate: 2024-12-06 20:47:24 +0000 Commit: John Hixson <jhixson@FreeBSD.org> CommitDate: 2024-12-06 20:48:44 +0000 security/sssd2: bump port revision Added patch for finding UIDs without using procfs PR: 282469 security/sssd2/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Committed. Thank you! |
Created attachment 254847 [details] proposed patch Attached is a patch which rewrites the UID enumeration code to use sysctl instead of procfs on FreeBSD, following up on PR 279255. This is a bit more code, but doesn't require any special mounts so makes sssd2 behave more like a native FreeBSD application. Gleb, John, I wonder if you could help test this? Our current sssd2 setup has some issues that make testing a bit tricky at the moment.