Skip to Content.
Sympa Menu

linux-announce - [[Linux-announce] ] Possibly breaking authentication change in RHEL9

linux-announce AT lists.psi.ch

Subject: Linux Mailing List

List archive

[[Linux-announce] ] Possibly breaking authentication change in RHEL9


Chronological Thread  
    < Chronological >       < Thread >
  • From: "Konrad Bucheli (PSI)" <konrad.bucheli AT psi.ch>
  • To: linux-announce AT lists.psi.ch
  • Subject: [[Linux-announce] ] Possibly breaking authentication change in RHEL9
  • Date: Mon, 24 Mar 2025 12:50:14 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=psi.ch; dmarc=pass action=none header.from=psi.ch; dkim=pass header.d=psi.ch; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=L+UChi2aaQFrRY33fuiuDnBvFyK/ZqJZSPoQ35sfKIo=; b=k7rXliYmuT80Cz9LcpkUAsPreoC3ZyAXIY+TsrzVfT5uYG7lqf/NaZ/o38UY6tgZQI/0y8+r34cYoIOMPcIZnJ6XBC/hOJlEDuGyV7KWvHGedgiz2wrIZ+CM2X04DS/5SiEmO1p+/sfzQoHj4Cb8TaQiV+pSBFh9/kqydsLuf0DVd5NqDEiXU5m1/oJ43x6oA5OWznUR5Il9nzC3ITLeb8pya1bBDUEs/rCfaryJFST24r26Xh0EbcOysEC11XE37j4T1WEMi6j55Gv6baRmQo91O9SD2xSPqXPwYc+52rGJwvLvKXITjbPLnJyLzI+udO9TRv0ybkLyA88K+3sTnw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=rKU++yhBk3wODNKVvpwCNRMli1/XIqHlEYWVqStJcQyTbrdW5iCI2q1ljLf7YexI3Q7NhHUmAXrMKe+ZbCMSyEzvhcvzYabwyigoxSjYDxv1RiGTxw0nZI3DpOp6H79XAoidnCGj+1EYUWrHYmqEjk3qCbwbJcAu4ZuqCy+Byvg+RE99BVjP+ndBTL/i4hOZdnpPAF6wCG244HyNYnVJN44UnNfe6SciMG/hxjrrclvTy9yw/4r3slg7tlvVOX2crrR5JJqYa/gatXscu2akkBXzWQdDKsdy4+PWD+TR15YV4riHyyImQjKMNKnEnmKCZMLkrqyEi6kmqEC3aMj6cg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=psi.ch;
Dear RHEL9 admins

We introduced the AD provider to handle the connection from the Linux authentication daemon `sssd` to the AD:

https://linux.psi.ch/admin-guide/configuration/basic/ad_integration.html

We will now enable it by default on RHEL9. Please note that RHEL9 is currently in Alpha state and thus we reserve us to do breaking changes without announcement and warning, here we derive a bit from that rule to give you a heads up.

If you wish to have a more planned migration you can already go forward (also on RHEL8) with

aaa::sssd_ad_provider: true

or keep you system back on the current LDAP provider with

aaa::sssd_ad_provider: false


This is supposed to be the last breaking change before declaring Beta.

Cheers
Konrad

--
Paul Scherrer Institut
Konrad Bucheli
Linux Systems Engineer
Core Linux Research Services
Science IT Infrastructure and Services department (AWI)
OBBA/230
Forschungstrasse 111
5232 Villigen PSI
Switzerland

Phone: +41 56 310 27 24
konrad.bucheli AT psi.ch
www.psi.ch


  • [[Linux-announce] ] Possibly breaking authentication change in RHEL9, Konrad Bucheli (PSI), 03/24/2025

Archive powered by MHonArc 2.6.24.

Top of Page