Created attachment 250903 [details] proposed security/sssd2 patch The legacy security/sssd port has a patch which lets one set krb5_store_password_if_offline=True in a IPA provider configuration block. The patch fixes some code which uses /proc to enumerate the UIDs of logged-in users. Without the patch, if one has this configuration variable set, sssd dies with an obscure error. This caused some pain when a user was updating from sssd to sssd2. I ported the patch forward to security/sssd2 and will attach it here. I tested this in a local setup, as did the user who is migrating to sssd2 on production systems.
Created attachment 250904 [details] unrelated fixup While working on this I noticed a small bug in the sssd startup scripts. Here's a patch for that.
I'm happy to commit these patches myself if they look ok.
I'll have a look at this over this coming weekend.
(In reply to John Hixson from comment #3) Hi John, just wanted to gently bump this PR. :) For what it's worth, our user's been running with these patches in their production environment for several weeks now without any problems.