Hi all,
I've found an Ubuntu 10.04 server with a very old sssd running on it. The sssd package does not appear to be configured to do anything. I don't see anything in nsswitch and nothing returned when I run getent passwd --service=sss. So I don't see anything in nsswitch, I also don't see any instance of sss anywhere in /etc/pam.d/*.
Can this sssd be doing anything or even possibly negatively affecting things for the system in any way?
Can sssd interact with the rest of the O/S through another mechanism? I just want to verify that sssd is not doing anything before I stop the service and remove the package.
The version is 1.0.5-0ubuntu1. My plan is to just turn it off and uninstall the package, unless I find out that it's doing something useful for the customer.
I'm in the process of turning on the debug level = 10 (or whatever it is) option so I can look through the sssd log files.
Thanks in advance. Bryan
I enabled logging but no logs were created. So because of that, I ran sssd myself with the -i option to see the output. This is the type of stuff I'm seeing.
[sssd] [sbus_remove_timeout] (8): 0x2401540 [sssd] [sbus_dispatch] (9): dbus conn: 24035F0 [sssd] [sbus_dispatch] (9): Dispatching. [sssd] [ping_check] (4): Service nss replied to ping [sssd] [sbus_remove_timeout] (8): 0x2405570 [sssd] [sbus_dispatch] (9): dbus conn: 2401F50 [sssd] [sbus_dispatch] (9): Dispatching. [sssd] [ping_check] (4): Service pam replied to ping [sssd] [service_check_alive] (4): Checking service nss(31009) is still alive [sssd] [service_send_ping] (4): Pinging nss [sssd] [sbus_add_timeout] (8): 0x2405570 [sssd] [service_check_alive] (4): Checking service pam(31010) is still alive [sssd] [service_send_ping] (4): Pinging pam [sssd] [sbus_add_timeout] (8): 0x2401540 [sssd[nss]] [sbus_dispatch] (9): dbus conn: F56FC0 [sssd[nss]] [sbus_dispatch] (9): Dispatching. [sssd[nss]] [sbus_message_handler] (9): Received SBUS method [ping] [sssd[pam]] [sbus_dispatch] (9): dbus conn: 157E820 [sssd[pam]] [sbus_dispatch] (9): Dispatching. [sssd[pam]] [sbus_message_handler] (9): Received SBUS method [ping] [sssd] [sbus_remove_timeout] (8): 0x2405570 [sssd] [sbus_dispatch] (9): dbus conn: 24035F0 [sssd] [sbus_dispatch] (9): Dispatching. [sssd] [ping_check] (4): Service nss replied to ping [sssd] [sbus_remove_timeout] (8): 0x2401540 [sssd] [sbus_dispatch] (9): dbus conn: 2401F50 [sssd] [sbus_dispatch] (9): Dispatching. [sssd] [ping_check] (4): Service pam replied to ping [sssd] [service_check_alive] (4): Checking service nss(31009) is still alive [sssd] [service_send_ping] (4): Pinging nss [sssd] [sbus_add_timeout] (8): 0x2401540 [sssd] [service_check_alive] (4): Checking service pam(31010) is still alive [sssd] [service_send_ping] (4): Pinging pam [sssd] [sbus_add_timeout] (8): 0x2405570 [sssd[nss]] [sbus_dispatch] (9): dbus conn: F56FC0 [sssd[nss]] [sbus_dispatch] (9): Dispatching. [sssd[nss]] [sbus_message_handler] (9): Received SBUS method [ping] [sssd] [sbus_remove_timeout] (8): 0x2401540 [sssd[pam]] [sbus_dispatch] (9): dbus conn: 157E820 [sssd] [sbus_dispatch] (9): [sssd[pam]] [sbus_dispatch] (9): dbus conn: 24035F0 Dispatching. [sssd] [sbus_dispatch] (9): Dispatching. [sssd] [ping_check] (4): Service nss replied to ping [sssd[pam]] [sbus_message_handler] (9): Received SBUS method [ping] [sssd] [sbus_remove_timeout] (8): 0x2405570 [sssd] [sbus_dispatch] (9): dbus conn: 2401F50 [sssd] [sbus_dispatch] (9): Dispatching. [sssd] [ping_check] (4): Service pam replied to ping ^C[sssd] [monitor_quit] (0): Interrupt: killing children [sssd] [sbus_remove_watch] (8): 0x2402cc0/0x24027c0 Bryan
On Jan 02, 2014, at 05:43 PM, Bryan Harris bryanlharris@me.com wrote:
Hi all,
I've found an Ubuntu 10.04 server with a very old sssd running on it. The sssd package does not appear to be configured to do anything. I don't see anything in nsswitch and nothing returned when I run getent passwd --service=sss. So I don't see anything in nsswitch, I also don't see any instance of sss anywhere in /etc/pam.d/*.
Can this sssd be doing anything or even possibly negatively affecting things for the system in any way?
Can sssd interact with the rest of the O/S through another mechanism? I just want to verify that sssd is not doing anything before I stop the service and remove the package.
The version is 1.0.5-0ubuntu1. My plan is to just turn it off and uninstall the package, unless I find out that it's doing something useful for the customer.
I'm in the process of turning on the debug level = 10 (or whatever it is) option so I can look through the sssd log files.
Thanks in advance. Bryan _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Fri, Jan 03, 2014 at 12:07:55AM +0000, Bryan Harris wrote:
I enabled logging but no logs were created. So because of that, I ran sssd myself with the -i option to see the output. This is the type of stuff I'm seeing.
[sssd] [sbus_remove_timeout] (8): 0x2401540 [sssd] [sbus_dispatch] (9): dbus conn: 24035F0 [sssd] [sbus_dispatch] (9): Dispatching. [sssd] [ping_check] (4): Service nss replied to ping [sssd] [sbus_remove_timeout] (8): 0x2405570 [sssd] [sbus_dispatch] (9): dbus conn: 2401F50 [sssd] [sbus_dispatch] (9): Dispatching. [sssd] [ping_check] (4): Service pam replied to ping [sssd] [service_check_alive] (4): Checking service nss(31009) is still alive [sssd] [service_send_ping] (4): Pinging nss [sssd] [sbus_add_timeout] (8): 0x2405570 [sssd] [service_check_alive] (4): Checking service pam(31010) is still alive [sssd] [service_send_ping] (4): Pinging pam [sssd] [sbus_add_timeout] (8): 0x2401540 [sssd[nss]] [sbus_dispatch] (9): dbus conn: F56FC0 [sssd[nss]] [sbus_dispatch] (9): Dispatching. [sssd[nss]] [sbus_message_handler] (9): Received SBUS method [ping] [sssd[pam]] [sbus_dispatch] (9): dbus conn: 157E820 [sssd[pam]] [sbus_dispatch] (9): Dispatching. [sssd[pam]] [sbus_message_handler] (9): Received SBUS method [ping] [sssd] [sbus_remove_timeout] (8): 0x2405570 [sssd] [sbus_dispatch] (9): dbus conn: 24035F0 [sssd] [sbus_dispatch] (9): Dispatching. [sssd] [ping_check] (4): Service nss replied to ping [sssd] [sbus_remove_timeout] (8): 0x2401540 [sssd] [sbus_dispatch] (9): dbus conn: 2401F50 [sssd] [sbus_dispatch] (9): Dispatching. [sssd] [ping_check] (4): Service pam replied to ping [sssd] [service_check_alive] (4): Checking service nss(31009) is still alive [sssd] [service_send_ping] (4): Pinging nss [sssd] [sbus_add_timeout] (8): 0x2401540 [sssd] [service_check_alive] (4): Checking service pam(31010) is still alive [sssd] [service_send_ping] (4): Pinging pam [sssd] [sbus_add_timeout] (8): 0x2405570 [sssd[nss]] [sbus_dispatch] (9): dbus conn: F56FC0 [sssd[nss]] [sbus_dispatch] (9): Dispatching. [sssd[nss]] [sbus_message_handler] (9): Received SBUS method [ping] [sssd] [sbus_remove_timeout] (8): 0x2401540 [sssd[pam]] [sbus_dispatch] (9): dbus conn: 157E820 [sssd] [sbus_dispatch] (9): [sssd[pam]] [sbus_dispatch] (9): dbus conn: 24035F0 Dispatching. [sssd] [sbus_dispatch] (9): Dispatching. [sssd] [ping_check] (4): Service nss replied to ping [sssd[pam]] [sbus_message_handler] (9): Received SBUS method [ping] [sssd] [sbus_remove_timeout] (8): 0x2405570 [sssd] [sbus_dispatch] (9): dbus conn: 2401F50 [sssd] [sbus_dispatch] (9): Dispatching. [sssd] [ping_check] (4): Service pam replied to ping ^C[sssd] [monitor_quit] (0): Interrupt: killing children [sssd] [sbus_remove_watch] (8): 0x2402cc0/0x24027c0 Bryan
On Jan 02, 2014, at 05:43 PM, Bryan Harris bryanlharris@me.com wrote:
Hi all,
I've found an Ubuntu 10.04 server with a very old sssd running on it. The sssd package does not appear to be configured to do anything. I don't see anything in nsswitch and nothing returned when I run getent passwd --service=sss. So I don't see anything in nsswitch, I also don't see any instance of sss anywhere in /etc/pam.d/*.
Can this sssd be doing anything or even possibly negatively affecting things for the system in any way?
Can sssd interact with the rest of the O/S through another mechanism? I just want to verify that sssd is not doing anything before I stop the service and remove the package.
The version is 1.0.5-0ubuntu1. My plan is to just turn it off and uninstall the package, unless I find out that it's doing something useful for the customer.
I'm in the process of turning on the debug level = 10 (or whatever it is) option so I can look through the sssd log files.
Thanks in advance. Bryan
Unless NSS and PAM are configured, then I can only think about one possible way SSSD can affect the rest of the system -- upon resolving servers and becoming online, the SSSD informs the libkrb5 about KDCs it found.
These KDCs would then be reachable with kinit/kpasswd and similar. I'm not sure if your old version does this, though.
Hi Jakub,
As always thanks very much for your help. I'll plan on getting rid of this package or at least prevent sssd from running.
On Jan 3, 2014, at 4:58 AM, Jakub Hrozek jhrozek@redhat.com wrote:
On Fri, Jan 03, 2014 at 12:07:55AM +0000, Bryan Harris wrote: I enabled logging but no logs were created. So because of that, I ran sssd myself with the -i option to see the output. This is the type of stuff I'm seeing.
Unless NSS and PAM are configured, then I can only think about one possible way SSSD can affect the rest of the system -- upon resolving servers and becoming online, the SSSD informs the libkrb5 about KDCs it found.
These KDCs would then be reachable with kinit/kpasswd and similar. I'm not sure if your old version does this, though.
V/r, Bryan
On 01/03/2014 08:26 AM, Bryan Harris wrote:
Hi Jakub,
As always thanks very much for your help. I'll plan on getting rid of this package or at least prevent sssd from running.
And the question is why? I understand that in this case it is probably the best decision since SSSD is not used and the version is old. But what do you then use instead? Why not move to the later version of SSSD and enjoy its features? What did we miss to deserve "...getting rid of this package..." ;-) ?
Thanks Dmitri
On Jan 3, 2014, at 4:58 AM, Jakub Hrozek jhrozek@redhat.com wrote:
On Fri, Jan 03, 2014 at 12:07:55AM +0000, Bryan Harris wrote: I enabled logging but no logs were created. So because of that, I ran sssd myself with the -i option to see the output. This is the type of stuff I'm seeing.
Unless NSS and PAM are configured, then I can only think about one possible way SSSD can affect the rest of the system -- upon resolving servers and becoming online, the SSSD informs the libkrb5 about KDCs it found.
These KDCs would then be reachable with kinit/kpasswd and similar. I'm not sure if your old version does this, though.
V/r, Bryan _______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Jan 03, 2014, at 09:40 AM, Dmitri Pal dpal@redhat.com wrote:
On 01/03/2014 08:26 AM, Bryan Harris wrote: Hi Jakub, As always thanks very much for your help. I'll plan on getting rid of this package or at least prevent sssd from running.
And the question is why? I understand that in this case it is probably the best decision since SSSD is not used and the version is old. But what do you then use instead? Why not move to the later version of SSSD and enjoy its features? What did we miss to deserve "...getting rid of this package..." ;-) ? Ah I simply chose my wording (very) poorly. I love sssd! But in this particular case they just had it installed from the default Ubuntu 10.04 config files and it was apparently doing nothing at all, so... I got adventurous and well the rest is history. Oh and I found out later this customer is migrating to a newer Ubuntu very soon, so if they ever need sssd for that server they will have a newer version (and I guess we still are discouraged from PPAs because of... I can't remember all the reasons).
Just as an update to my questions in the other thread, that other customer is going to slowly switch to using RHEL and get away from Debian 6, so that will allow them to use an sssd newer than what was available in Debian 6. Yay! Bryan
sssd-users@lists.fedorahosted.org
-
Bryan Harris -
Dmitri Pal -
Jakub Hrozek