FS#72557 - [sssd] add adcli to the community repository and as optional dependency to sssd

Attached to Project: Community Packages
Opened by Arne Fahrenwalde (macgeneral) - Wednesday, 27 October 2021, 09:36 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:08 GMT
Task Type Feature Request
Category Packages
Status Closed
Assigned To Massimiliano Torromeo (mtorromeo)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
ActiveDirectory setups can hand out a machine credential called the "kerberos keytab" to connected machines.
This can be set to expire forcing machines to regularly renew it.
While that renewal is supported by sssd, the feature can only be used if adcli is installed.
adcli currently is only available in the AUR and unlike sssd not in the official repositories.

https://github.com/SSSD/sssd/blob/7313efba2cd668ce622c4bf54b94a725e7209617/src/providers/ad/ad_machine_pw_renewal.c#L30

Additional info:
* adcli version 0.9.1
* https://aur.archlinux.org/packages/adcli
* https://github.com/gentoo/gentoo/pull/20624

Steps to reproduce:
* hard to reproduce because you need a fully working Kerberos/AD setup which hands out a krb5.keytab file which has to be regularly renewed.
This task depends upon

Closed by  Buggy McBugFace (bugbot)
Saturday, 25 November 2023, 20:08 GMT
Reason for closing:  Moved
Additional comments about closing:  https://gitlab.archlinux.org/archlinux/p ackaging/packages/sssd/issues/1

Loading...