Bug 279255 - security/sssd2: Fix the krb5_store_password_if_offline feature
Summary: security/sssd2: Fix the krb5_store_password_if_offline feature
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: John Hixson
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-05-23 14:49 UTC by Mark Johnston
Modified: 2024-06-10 14:43 UTC (History)
1 user (show)

See Also:
jhixson: maintainer-feedback+

Attachments
proposed security/sssd2 patch (2.62 KB, patch)
2024-05-23 14:49 UTC, Mark Johnston 		no flags Details | Diff
unrelated fixup (1.19 KB, patch)
2024-05-23 14:50 UTC, Mark Johnston 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mark Johnston freebsd_committer freebsd_triage 2024-05-23 14:49:59 UTC 
Created attachment 250903 [details]
proposed security/sssd2 patch

The legacy security/sssd port has a patch which lets one set krb5_store_password_if_offline=True in a IPA provider configuration block.  The patch fixes some code which uses /proc to enumerate the UIDs of logged-in users.  Without the patch, if one has this configuration variable set, sssd dies with an obscure error.  This caused some pain when a user was updating from sssd to sssd2.

I ported the patch forward to security/sssd2 and will attach it here.  I tested this in a local setup, as did the user who is migrating to sssd2 on production systems.
Comment 1 Mark Johnston freebsd_committer freebsd_triage 2024-05-23 14:50:56 UTC 
Created attachment 250904 [details]
unrelated fixup

While working on this I noticed a small bug in the sssd startup scripts.  Here's a patch for that.
Comment 2 Mark Johnston freebsd_committer freebsd_triage 2024-05-23 14:51:31 UTC 
I'm happy to commit these patches myself if they look ok.
Comment 3 John Hixson freebsd_committer freebsd_triage 2024-06-04 21:40:16 UTC 
I'll have a look at this over this coming weekend.
Comment 4 Mark Johnston freebsd_committer freebsd_triage 2024-06-10 14:43:03 UTC 
(In reply to John Hixson from comment #3)
Hi John, just wanted to gently bump this PR. :)

For what it's worth, our user's been running with these patches in their production environment for several weeks now without any problems.