[OmniOS-discuss] Vbf: [SSSD-users] Re: SSSD in AIX

Johan Kragsterman johan.kragsterman at capvert.se
Wed Nov 14 15:57:36 UTC 2018


Hi!


For your information, the SSSD application, the  "System Security Services Daemon", seems to be in a process to be ported to AIX.

This might be of interest for the Illumos community, since if it is ported to AIX, it would help very much to port it to Illumos.

Background is probably that IBM now acquired RedHat, and that they see considerable value in SSSD. So do I, that's why I inform the community of this.


https://github.com/SSSD/sssd



Best regards from/Med vänliga hälsningar från

Johan Kragsterman

Capvert


-----Vidarebefordrat av Johan Kragsterman/Capvert 2018-11-14 16:50 -----
Till: "End-user discussions about the System Security Services Daemon" <sssd-users at lists.fedorahosted.org>
Från: "Frank Pikelner" <frank.pikelner at gmail.com>
Datum: 2018-11-14 15:26
Ärende: [SSSD-users] Re: SSSD in AIX

I would concur that SSSD on AIX would be very welcome as an OS option.
Appreciate the effort.

Frank Pikelner
On Wed, Nov 14, 2018 at 4:36 AM Jakub Hrozek <jhrozek at redhat.com> wrote:
>
> On Mon, Nov 12, 2018 at 05:24:54PM +0530, Ayappan wrote:
> > On Mon, Nov 12, 2018 at 4:56 PM Jakub Hrozek <jhrozek at redhat.com> wrote:
> > >
> > > On Mon, Nov 12, 2018 at 03:57:53PM +0530, Ayappan wrote:
> > > > Hi,
> > > >
> > > > I am from AIX OS development team here in IBM. We have some customers
> > > > who are interested in running SSSD in AIX. So i basically invested
> > > > some amount of time to first build SSSD in AIX. I built the recent
> > > > version 1.16.3 after working around some build issues. Below is the
> > > > configure options.
> > > > ./configure --prefix=/opt/freeware --disable-cifs-idmap-plugin
> > > > --without-nfsv4-idmapd-plugin --disable-rpath --with-manpages=no
> > > > --without-python3-bindings --with-selinux=no --with-semanage=no
> > > > --with-crypto=libcrypto --without-secrets --without-kcm
> > > >
> > > > I started the daemon but then it failed later with no stderr / logs
> > > > produced anywhere.
> > > >
> > > > # /opt/freeware/sbin/sssd -i -d4
> > >
> > > Are there also no messages if you run with -d 10 ?
> > >
> >
> > I just ran it and attached the output. It is showing lot of messges
> > with "ldb" tag. Not sure how to interpret it.
>
> Hmm, this is strange, for some reson the ldb library debug hooks work,
> but not the sssd debugging itself? I don't know what to make of it
> because both should be routed to the sss_vdebug_fn() function. I guess
> it should be possible to gdb the monitor process and see what gets
> called e.g. inside server_setup() when one of the DEBUG messages is
> reached?
>
> >
> > > On Linux, I would have said that strace with -ff would be also helpful,
> > > but I have no idea if something like this exists on AIX.
> > >
> >
> > AIX strace seems to be different. But it has truss command which is
> > similar to Linux strace. Just ran that as well. It provides
> > good deal of info. Seems like i need to analyze the output to make out
> > anything meaningful.
> >
> > > >
> > > > (1) root @ fvt-p7a2-lp16: /
> > > >
> > > > I see it invokes two other child process which also failed
> > > > /opt/freeware/libexec/sssd/sssd_be --domain implicit_files --uid 0
> > > > --gid 0 -d 0x01f0 --logger=stderr
> > > > /opt/freeware/libexec/sssd/sssd_nss --uid 0 --gid 0 -d 0x01f0 --logger=stderr
> > > >
> > > > Any help would be appreciated.
> > > >
> > > > Thanks
> > > > Ayappan P
> > > > _______________________________________________
> > > > sssd-users mailing list -- sssd-users at lists.fedorahosted.org
> > > > To unsubscribe send an email to sssd-users-leave at lists.fedorahosted.org
> > > > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> > > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > > > List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
> > > _______________________________________________
> > > sssd-users mailing list -- sssd-users at lists.fedorahosted.org
> > > To unsubscribe send an email to sssd-users-leave at lists.fedorahosted.org
> > > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> > > List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
>
> > _poll(0x20057788, 4, 1928)                      = 4
> > _enrecvmsg(10, 0x2FF22358, 0, 0x00000000)       = 1
> > getpeereid(10, 0x2FF22380, 0x2FF2237C)          Err#76 ENOTCONN
> > kread(10, " A U T H   E X T E R N A".., 2048)   = 18
> > _poll(0x20057788, 4, 1926)                      = 4
> > _esend(10, 0x200575F8, 46, 256, 0x00000000)     Err#32 EPIPE
> >     Received signal #20, SIGCHLD [caught]
>
> Here the child process (sssd_be) tries to connect to the sssd main
> processes' D-Bus socket, sends the AUTH EXTERNAL command to try to
> authenticate, but when the sssd tries to reply, the send
> call returns EPIPE..this indicates the sssd_be process is exiting after
> startup.
>
> I can't tell from the truss output what makes the sssd_be fail. It would
> be best to first figure out why the logger is not working..
> _______________________________________________
> sssd-users mailing list -- sssd-users at lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave at lists.fedorahosted.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
_______________________________________________
sssd-users mailing list -- sssd-users at lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave at lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org






More information about the OmniOS-discuss mailing list