The reason is that unless you change this, systemctl is-system-running
reports degraded instead of running, with messages akin to
Dec 9 17:59:25 registry1 sssd_check_socket_activated_responders[1672]:
(Mon Dec 9 17:59:25:697972 2019) [sssd] [main] (0x0010):
Misconfiguration found for the pam responder.
Dec 9 17:59:25 registry1 sssd_check_socket_activated_responders[1672]:
The pam responder has been configured to be socket-activated but it's
still mentioned in the services' line in /etc/sssd/sssd.conf.
Dec 9 17:59:25 registry1 sssd_check_socket_activated_responders[1672]:
Please, consider either adjusting your services' line in
/etc/sssd/sssd.conf or disabling the pam's socket by calling:
Dec 9 17:59:25 registry1 sssd_check_socket_activated_responders[1672]:
"systemctl disable sssd-pam.socket"
On 11/28/19 8:17 AM, Timo Aaltonen wrote:
> I'm just going to assume things are all fixed with 19.10 and up, which
> have freeipa 4.8.x and dogtag 10.7.3, and they both depend on systemd
> features now which should resolve all race conditions
>
> ** Changed in: freeipa (Ubuntu)
> Status: Confirmed => Fix Released
>
> ** Changed in: dogtag-pki (Ubuntu)
> Status: Confirmed => Fix Released
>
Timo,
You might take a look at /etc/sssd/sssd.conf
Consider changing
services = ifp
#services = nss, pam, ifp, ssh, sudo
The reason is that unless you change this, systemctl is-system-running
reports degraded instead of running, with messages akin to
Dec 9 17:59:25 registry1 sssd_check_ socket_ activated_ responders[ 1672]: socket_ activated_ responders[ 1672]: sssd.conf. socket_ activated_ responders[ 1672]: socket_ activated_ responders[ 1672]:
(Mon Dec 9 17:59:25:697972 2019) [sssd] [main] (0x0010):
Misconfiguration found for the pam responder.
Dec 9 17:59:25 registry1 sssd_check_
The pam responder has been configured to be socket-activated but it's
still mentioned in the services' line in /etc/sssd/
Dec 9 17:59:25 registry1 sssd_check_
Please, consider either adjusting your services' line in
/etc/sssd/sssd.conf or disabling the pam's socket by calling:
Dec 9 17:59:25 registry1 sssd_check_
"systemctl disable sssd-pam.socket"
On 11/28/19 8:17 AM, Timo Aaltonen wrote:
> I'm just going to assume things are all fixed with 19.10 and up, which
> have freeipa 4.8.x and dogtag 10.7.3, and they both depend on systemd
> features now which should resolve all race conditions
>
> ** Changed in: freeipa (Ubuntu)
> Status: Confirmed => Fix Released
>
> ** Changed in: dogtag-pki (Ubuntu)
> Status: Confirmed => Fix Released
>