SSSD Service Enabled: Update test scenario to work on RHEL10.

The 'files' directive is now deprecated and there the 'proxy' directive that can be used as a replacement. Preserve the old test scenario so it should still work on older RHEL versions for example. RHEL9 should work with the new style but kept the same for integrity.
ComplianceAsCode · Jan 20, 2025 · 90c5316 · 90c5316
1 parent de3d61f
commit 90c5316
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/linux_os/guide/services/sssd/service_sssd_enabled/tests/common.sh b/linux_os/guide/services/sssd/service_sssd_enabled/tests/common.sh
@@ -7,15 +7,30 @@ services = nss, pam
 domains = example.com
 
 [domain/example.com]
+{{%- if ('rhel' in product or 'ol' in families) and product not in ['ol8', 'ol9', 'rhel8', 'rhel9']%}}
+id_provider = proxy
+proxy_lib_name = files
+local_auth_policy = only
+{{%- else %}}
 id_provider = files
 access_provider = simple
 simple_allow_users = user1, user2
+{{%- endif %}}
 
 [nss]
 filter_groups = root
 filter_users = root
 
 [pam]
+{{%- if ('rhel' in product or 'ol' in families) and product not in ['ol8', 'ol9', 'rhel8', 'rhel9']%}}
+pam_cert_auth = True
+{{%- endif %}}
 EOF
+	{{%- if ('rhel' in product or 'ol' in families) and product not in ['ol8', 'ol9', 'rhel8', 'rhel9']%}}
+	dnf install sssd-proxy -y
+	authselect select sssd with-smartcard
+	chmod 0640 /etc/sssd/sssd.conf
+	{{%- else %}}
 	chmod 0600 /etc/sssd/sssd.conf
+	{{%- endif %}}
 fi