This is a tracking bug for Change: Enforce Authselect Configuration Consistency For more details, see: https://fedoraproject.org/wiki/Changes/Make_Authselect_Mandatory This change wants to make authselect required to configure authentication and identity sources and forcefully update non-authselect configuration to the sssd authselect profile to eliminate any existing non-authselect setups. If you encounter a bug related to this Change, please do not comment here. Instead create a new bug and set it to block this bug.
See https://github.com/coreos/fedora-coreos-tracker/issues/1051 We need nss-altfiles in /etc/nsswitch.conf for ostree based systems right now. This is all the same as https://github.com/authselect/authselect/issues/48 etc. Perhaps short term we can disable the script aspects of authselect. But let's avoid shipping this feature in Fedora 36 until this is working with ostree. Can you take a look at this and comment? My strawman proposal here is that rpm-ostree gains a simple way to inject this requirement. A simple implementation of this would be detecting the presence of /usr/lib64/libnss_altfiles.so.2 or perhaps a "stamp file" like /usr/lib/nss-altfiles/required ? (We can't rely on querying the rpm database due to locking issues on traditional RPM and rpm-ostree explicitly denies reading it at all to scripts)
The discussion for ostree issue continues in https://bugzilla.redhat.com/show_bug.cgi?id=2034360
This bug appears to have been reported against 'rawhide' during the Fedora Linux 36 development cycle. Changing version to 36.
F36 was released today. If this Change did not land in the release, please notify bcotton as soon as possible.