Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1581809

Summary: glibc: Modernise nsswitch.conf defaults
Product: [Fedora] Fedora Reporter: Florian Weimer <fweimer>
Component: glibcAssignee: Florian Weimer <fweimer>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: 28CC: aoliva, arjun.is, codonell, dj, fweimer, law, mfabian, pfrankli, rth, siddhesh, ssorce
Target Milestone: ---Keywords: Patch
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: glibc-2.27.9000-22.fc29 glibc-2.27-19.fc28 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1392540 Environment:
Last Closed: 2018-06-23 20:48:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1581807    

Description Florian Weimer 2018-05-23 16:28:09 UTC 
+++ This bug was initially created as a clone of Bug #1392540 +++

Description of problem:
Newly provisioned RHEL 7.3 systems in IPA environment do not have functioning autofs due to the 'sss' option not being added to the automount entry of nsswitch.conf.

Version-Release number of selected component (if applicable):
ipa-client-4.4.0-12.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. ipa-client-automount

Actual results:
automount:  files 

Expected results:
automount:  files sss

Additional info:
Comment 1 Florian Weimer 2018-05-25 09:37:18 UTC 
We should drop all references to nis, nispuls, and add sss as requested.
Comment 2 Florian Weimer 2018-05-25 10:00:21 UTC 
Should we list sss before files to obtain better caching?

Here is what I came up with so far:

passwd:     sss files
shadow:     files sss
group:      sss files

hosts:      files dns myhostname

bootparams: files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   sss

publickey:  files

automount:  files sss
aliases:    files
Comment 3 DJ Delorie 2018-05-25 17:06:15 UTC 
No, because that precludes the use of local files to provide local overrides, such as a machine-specific root password
Comment 4 Simo Sorce 2018-05-25 17:36:23 UTC 
sssd never provides a root account by design.
as a default it makes sense, overrides are special actions that can be dealt with by manually changing nsswitch.conf if you have a conflict (but note that sssd also has a way to remap cerntal users so you can avoid conflicts should you need to).
Comment 5 Fedora Update System 2018-06-20 16:59:31 UTC 
glibc-2.27-19.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-e51a452b8f
Comment 6 Fedora Update System 2018-06-21 16:13:51 UTC 
glibc-2.27-19.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-e51a452b8f
Comment 7 Fedora Update System 2018-06-23 20:48:07 UTC 
glibc-2.27-19.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.