Project

General

Profile

Bug #37878

Add sysctls to disable winbind and sssd enumeration

Added by John Hixson about 2 years ago. Updated about 2 years ago.

Status:
Done
Priority:
No priority
Assignee:
John Hixson
Category:
Services
Target version:
Severity:
Med High
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

I think we should disable all forms of enumeration from winbind to sssd and kill cachetool. This will improve the user/group UI greatly (you'll have to type rather than select), improve boot time, improve directory service restarts, avoid various problems we periodically have and so on. The only drawback is you won't see the users/groups when doing getent and you'll have to know what user/groups to type in the user/group selection drop down.

Associated revisions

Revision ead8d9fe (diff)
Added by John Hixson about 2 years ago

sysctl configuration for cache & enum (off by default & hidden) Ticket: #37878

Revision cecd3b80 (diff)
Added by John Hixson about 2 years ago

Use proper sysctl trees Ticket: #37878

Revision 321e49a8 (diff)
Added by John Hixson about 2 years ago

sysctl configuration for cache & enum (off by default & hidden) Ticket: #37878 (cherry picked from commit ead8d9fec2df32e9a761dd4665daeb276f6af246) (11.1-stable) Ticket: #37878

Revision 3eb4f0a6 (diff)
Added by John Hixson about 2 years ago

Use proper sysctl trees Ticket: #37878 (cherry picked from commit cecd3b80ab05a0a515dbb56c24d6725ff934189d) (11.1-stable) Ticket: #37878

History

#3 Updated by John Hixson about 2 years ago

  • Category changed from OS to Services

#4 Avatar?id=13649&size=24x24 Updated by Ben Gadd about 2 years ago

  • Target version changed from 11.2-RC2 to Backlog

#6 Updated by Dru Lavigne about 2 years ago

  • Status changed from Unscreened to In Progress
  • Target version changed from Backlog to 11.1-U6
  • Seen in changed from 11.2-U2 to Master - FreeNAS Nightlies

#7 Updated by Dru Lavigne about 2 years ago

  • Status changed from In Progress to Ready for Testing
  • Needs Merging changed from Yes to No

#8 Updated by Dru Lavigne about 2 years ago

  • Subject changed from Stop DoS'ing directory servers and make the UI great again to Disable winbind and sssd enumeration

#9 Updated by Bonnie Follweiler about 2 years ago

  • Status changed from Ready for Testing to Failed Testing

Test failed in FreeNAS 11.1-U6 Internal4

#11 Updated by Dru Lavigne about 2 years ago

  • Status changed from Failed Testing to Ready for Testing

#14 Updated by Dru Lavigne about 2 years ago

  • Subject changed from Disable winbind and sssd enumeration to Add sysctl to disable winbind and sssd enumeration
  • Status changed from Passed Testing to Done
  • Needs QA changed from Yes to No
  • Needs Doc changed from Yes to No

Notes that the sysctls are available but not enabled or hooked into anything.

#15 Updated by Dru Lavigne about 2 years ago

  • Subject changed from Add sysctl to disable winbind and sssd enumeration to Add sysctls to disable winbind and sssd enumeration

Also available in: Atom PDF