Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1353973
Description of problem: When running ipa-client-install, /etc/sssd/sssd.conf is appended instead of overwritten. As a result, old authentication methods are still working on a IPA enrolled server. Usually this is not a wishful behaviour. Version-Release number of selected component (if applicable): 4.2 How reproducible: Always Steps to Reproduce: 1. configure sssd.conf to i.e. authenticate with LDAP 2. run ipa-client-install 3. Find /etc/sssd/sssd.conf allowing both the old and new authentication method. Actual results: IPA users and users from the former authentication method (i.e. LDAP) can log in Expected results: Only IPA users should be able to log in Additional info: There are valid situations where two or more authentication methods should be possible. Adding a switch to ipa-client-install such as --overwrite-sssd-config would be a nice option. The same configuration issue is with /etc/openldap/ldap.conf, see BZ #1353969
Metadata Update from @pvoborni: - Issue assigned to someone - Issue set to the milestone: Future Releases
Metadata Update from @pcech: - Custom field affects_doc adjusted to on - Custom field knownissue adjusted to on - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.