Community Packages

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#72557 - sssd: add adcli to the community repository and as optional dependency to sssd

Attached to Project: Community Packages
Opened by Arne Fahrenwalde (macgeneral) - Wednesday, 27 October 2021, 09:36 GMT
Task Type Feature Request
Category Packages
Status Assigned
Assigned To Massimiliano Torromeo (mtorromeo)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No

Details

Description:
ActiveDirectory setups can hand out a machine credential called the "kerberos keytab" to connected machines.
This can be set to expire forcing machines to regularly renew it.
While that renewal is supported by sssd, the feature can only be used if adcli is installed.
adcli currently is only available in the AUR and unlike sssd not in the official repositories.

https://github.com/SSSD/sssd/blob/7313efba2cd668ce622c4bf54b94a725e7209617/src/providers/ad/ad_machine_pw_renewal.c#L30

Additional info:
* adcli version 0.9.1
* https://aur.archlinux.org/packages/adcli
* https://github.com/gentoo/gentoo/pull/20624

Steps to reproduce:
* hard to reproduce because you need a fully working Kerberos/AD setup which hands out a krb5.keytab file which has to be regularly renewed.
This task depends upon

Loading...