This is required for anyone who are using sys-auth/sssd for system auth and trying to launch 32bit application, which needs user authentication info. Way to reproduce: 1. Install and configure sssd for external login storage use 2. emerge acroread 3. acroread Results: acroread doesn't start without any error particular error or action (no splash, nothing), with exception of "(acroread:6960): GLib-WARNING **: getpwuid_r(): failed due to unknown user id (5000)" Workaround: /etc/init.d/nscd start but it conflicts with sssd caching capabilities.
In my opinion, a branch of 1.8 not vulnerable
Re-assigning to multilib@
What do we need in multilib here? I would suspect at least the PAM and NSS modules. Likely also the libraries in /usr/lib64, and probably the krb5 plugin. What about /usr/lib64/sssd? Is that used by the daemon or by the libraries?
I don't see any use of this libraries by anything aside the daemon. They seems to be it's plugins for various techniques. PAM, NSS and krb5 32bit plugins should do the trick, IMO. BTW that's still an issue (I need to run nscd from time to time to work with 32bit apps, namely a lot of Steam games), if you wonder.
The only necessary files which should be multilib(32,64) are files which are packaged in sssd-client on fedora. http://koji.fedoraproject.org/koji/rpminfo?rpmID=5208096 Some of them will not be build on gentoo, because sssd is built without samba. It should be these thee files. /lib64/libnss_sss.so.2 /lib64/security/pam_sss.so /usr/lib64/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
Just got bitten by this problem too. Is there any progrees w.r.t multilib and sssd?
Thanks for the reminder. I will try to do it today, though it seems to have grown in new dependencies ;/.
(In reply to Michał Górny from comment #7) > Thanks for the reminder. I will try to do it today, though it seems to have > grown in new dependencies ;/. Very much appriciated, thank you.
(In reply to Michał Górny from comment #7) > Thanks for the reminder. I will try to do it today, though it seems to have > grown in new dependencies ;/. I guess this was not an easy task :) Seems like you have to rebuild the whole stack just to get to the client libs. sssd really needs separate server and client build targets
(In reply to Joakim Tjernlund from comment #9) > (In reply to Michał Górny from comment #7) > > Thanks for the reminder. I will try to do it today, though it seems to have > > grown in new dependencies ;/. > > I guess this was not an easy task :) > Seems like you have to rebuild the whole stack just to get to the > client libs. > sssd really needs separate server and client build targets It is not. The whole thing would be much better as separate packages. I'm still trying to find out how much of configure we need to stub.
*** Bug 524170 has been marked as a duplicate of this bug. ***
Hate to be a pest, but has there been any progress?
Not really. Need a patch, and a good one.
Good news, everyone! $ qlist sssd | grep lib32 /lib32/security/pam_sss.so /lib32/libnss_sss.so.2.0.0 /usr/lib32/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so /lib32/libnss_sss.so.2 /lib32/libnss_sss.so Now I just have to test it in a dedicated chroot to make sure it doesn't depend on some unnecessary multilib libraries being installed.
(In reply to Michał Górny from comment #14) > Good news, everyone! > > $ qlist sssd | grep lib32 > /lib32/security/pam_sss.so > /lib32/libnss_sss.so.2.0.0 > /usr/lib32/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so > /lib32/libnss_sss.so.2 > /lib32/libnss_sss.so > > Now I just have to test it in a dedicated chroot to make sure it doesn't > depend on some unnecessary multilib libraries being installed. Nice! It will be interesting to see what magic you had to do for this :)
+*sssd-1.12.2-r1 (20 Nov 2014) + + 20 Nov 2014; Michał Górny <mgorny@gentoo.org> +sssd-1.12.2-r1.ebuild: + Enable multilib support, bug #409701. Hopefully it builds fine with minimal set of dependencies necessary.