mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-22 23:23:30 -06:00
Installer: activate nss and pam services in sssd.conf
If there is already a sssd.conf file before the installer is executed, the nss and pam services may not be enabled by the installer. This happens for instance if the machine is hardened for STIG and sssd.conf does not define services=... in the [sssd] section. The consequence is that trust cannot be established with an AD domain. The installer must enable nss and pam services even if there is a pre-existing sssd.conf file. Fixes: https://pagure.io/freeipa/issue/9427 Signed-off-by: Florence Blanc-Renaud <flo@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
parent
a6f01115cf
commit
7796b7b958
@ -969,6 +969,9 @@ def configure_sssd_conf(
|
||||
nss_service.set_option('memcache_timeout', 600)
|
||||
sssdconfig.save_service(nss_service)
|
||||
|
||||
sssd_enable_service(sssdconfig, 'nss')
|
||||
sssd_enable_service(sssdconfig, 'pam')
|
||||
|
||||
domain.set_option('ipa_domain', cli_domain)
|
||||
domain.set_option('ipa_hostname', client_hostname)
|
||||
if cli_domain.lower() != cli_realm.lower():
|
||||
|
Loading…
Reference in New Issue
Block a user