-
Bug
-
Resolution: Done-Errata
-
Undefined
-
rhel-9.5
-
None
-
shadow-utils-4.9-10.el9_5
-
No
-
Moderate
-
ZStream
-
rhel-sst-idm-sssd
-
ssg_idm
-
3
-
False
-
-
Yes
-
None
-
Approved Blocker
-
Bug Fix
-
-
Done
-
None
Since SSSD doesn't enable 'files provider' by default on RHEL9, existing integration (user add/del calling 'sss_cache' for every local user operation) does more harm than good.
The proposal is to have RHEL9 specific downstream patch to change
https://github.com/shadow-maint/shadow/blob/5c0b99c77e3963cc3d4ee4980b0bb3c9955c032c/lib/sssd.c#L29
to point to a not-existing-by-default script (for example: '/usr/sbin/sss_cache_shadow_utils' )
This would make `sssd_flush_cache()` a no-op in default install.
For a (very) unlikely case where user intentionally configures/enabled SSSD 'files provider' and really needs thisintegration, they could create a link
'/usr/sbin/sss_cache_shadow_utils' pointing to 'sss_cache' to get the functionality back. This should be documented in RNs.
- blocks
-
RHEL-52842 SSSD DB version too old after upgrade
- Closed
- is duplicated by
-
RHEL-52842 SSSD DB version too old after upgrade
- Closed
- links to
-
RHBA-2024:138766 shadow-utils update