Open liorsu opened 6 months ago
Hi,
to avoid an additional option we can also take a hash value, e.g. sha256 or any other message digest function as long as the output is not too long, of the domain name.
bye, Sumit
SGTM. Though we may not want to use the full hex digest, depending on its length (for example, sha256 would mean 64 characters, which may be too long).
The limit is due to the unix domain socket path that is being used by the sssd_be process. The unix domain socket that is chosen is derived from the domain name in the sssd.conf.
Example used configuration for sssd.conf -
The sbus unix domain path is - /var/lib/sssd/pipes/private/sbus-dp_<domain-name>.<pid>
While unix domain socket paths are limited to 108 characters - https://elixir.bootlin.com/linux/latest/source/include/uapi/linux/un.h#L7
The fact that the pid is also part of it makes it unstable with certain domain lengths, depending on the length of the current pid.
It would have been nice if the unix domain socket would've been derived from something else that wouldn't limit the length of the domain that is used.
A short convo from the #sssd chat with @abbra regarding the issue-
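The length arithmetic behind this report and the hash suggestion in the replies, as an added example that is not part of the thread and is not SSSD code. It assumes one byte of the 108 is kept for the terminating NUL; the function names, the sample pids and the 16-character digest truncation are illustrative.

```python
import hashlib

SUN_PATH_SIZE = 108               # size of sun_path in linux/un.h, as linked in the issue
MAX_PATH_LEN = SUN_PATH_SIZE - 1  # assumption: one byte kept for the terminating NUL
PIPE_PREFIX = "/var/lib/sssd/pipes/private/sbus-dp_"  # path layout quoted in the issue


def sbus_path(domain: str, pid: int) -> str:
    """Socket path in the layout from the issue: sbus-dp_<domain-name>.<pid>."""
    return f"{PIPE_PREFIX}{domain}.{pid}"


def path_fits(path: str) -> bool:
    """True when the path, measured in bytes, fits into sun_path."""
    return len(path.encode()) <= MAX_PATH_LEN


def max_domain_len(pid: int) -> int:
    """Longest domain name (in bytes) that still fits for this particular pid."""
    return MAX_PATH_LEN - len(PIPE_PREFIX) - len(".") - len(str(pid))


def hashed_sbus_path(domain: str, pid: int, hex_chars: int = 16) -> str:
    """Hypothetical alternative: name the socket after a truncated sha256 of the
    domain, so the path length no longer depends on the domain length.
    Fewer hex characters mean a shorter path but a higher collision chance."""
    digest = hashlib.sha256(domain.encode()).hexdigest()[:hex_chars]
    return f"{PIPE_PREFIX}{digest}.{pid}"


if __name__ == "__main__":
    domain = "a" * 66                      # constructed 66-character domain name
    for pid in (999, 100000, 4194304):     # constructed pids with 3, 6 and 7 digits
        print(pid, "limit:", max_domain_len(pid),
              "plain fits:", path_fits(sbus_path(domain, pid)),
              "hashed fits:", path_fits(hashed_sbus_path(domain, pid)),
              "full digest fits:", path_fits(hashed_sbus_path(domain, pid, 64)))
```

The same 66-character domain fits with a 3-digit pid and fails with a 6-digit one, and a full 64-character hex digest combined with a 7-digit pid lands exactly on 108 bytes, which is why a truncated digest is used here.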