From de3d61fb356beac7f28a3a264117b6f8fd234d58 Mon Sep 17 00:00:00 2001
From: Gabriel Becker
Date: Fri, 17 Jan 2025 13:00:12 +0100
Subject: [PATCH 1/2] Fix typo in service sssd enabled rule.
---
linux_os/guide/services/sssd/service_sssd_enabled/rule.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml b/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml
index 457a54c2003..ac4b7638709 100644
--- a/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml
+++ b/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml
@@ -42,6 +42,6 @@ warnings:
 - general: The service requires a valid sssd configuration. If the configuration is not present, the service will fail to start and consequently this rule
- will will be reported as failing. The configuration shipped in your
+ will be reported as failing. The configuration shipped in your
 distribution package might not be sufficient. Manual modification of configuration files might be required.
From 90c53167b2e853f1632f5d5f8ff04a600317e44f Mon Sep 17 00:00:00 2001
From: Gabriel Becker
Date: Mon, 20 Jan 2025 16:47:30 +0100
Subject: [PATCH 2/2] SSSD Service Enabled: Update test scenario to work on RHEL10.
The 'files' directive is now deprecated and there the 'proxy' directive that can be used as a replacement. Preserve the old test scenario so it should still work on older RHEL versions for example. RHEL9 should work with the new style but kept the same for integrity.
---
.../sssd/service_sssd_enabled/tests/common.sh | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/linux_os/guide/services/sssd/service_sssd_enabled/tests/common.sh b/linux_os/guide/services/sssd/service_sssd_enabled/tests/common.sh
index c3dc61518fe..5c7272a3f8e 100644
--- a/linux_os/guide/services/sssd/service_sssd_enabled/tests/common.sh
+++ b/linux_os/guide/services/sssd/service_sssd_enabled/tests/common.sh
@@ -7,15 +7,30 @@ services = nss, pam
 domains = example.com
 
 [domain/example.com]
+{{%- if ('rhel' in product or 'ol' in families) and product not in ['ol8', 'ol9', 'rhel8', 'rhel9']%}}
+id_provider = proxy
+proxy_lib_name = files
+local_auth_policy = only
+{{%- else %}}
 id_provider = files
 access_provider = simple
 simple_allow_users = user1, user2
+{{%- endif %}}
 
 [nss]
 filter_groups = root
 filter_users = root
 
 [pam]
+{{%- if ('rhel' in product or 'ol' in families) and product not in ['ol8', 'ol9', 'rhel8', 'rhel9']%}}
+pam_cert_auth = True
+{{%- endif %}}
 EOF
+ {{%- if ('rhel' in product or 'ol' in families) and product not in ['ol8', 'ol9', 'rhel8', 'rhel9']%}}
+ dnf install sssd-proxy -y
+ authselect select sssd with-smartcard
+ chmod 0640 /etc/sssd/sssd.conf
+ {{%- else %}}
 chmod 0600 /etc/sssd/sssd.conf
+ {{%- endif %}}
 fi
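Review bot: The new branch loosens `/etc/sssd/sssd.conf` from 0600 to 0640 without setting the file's owner or group and without saying why, so who can read the file depends on whatever group it ends up with after the heredoc creates it. If the wider mode is needed because sssd on the newer products reads its config as an unprivileged service account (an assumption; the commit message does not say), make that explicit with `chown root:sssd /etc/sssd/sssd.conf` before the `chmod 0640`, adjusting the group name to the one the package actually uses, plus a comment such as `# sssd reads its config through group access here; keep it unreadable to others`. The same Jinja condition is repeated three times in this hunk, so a single `{{% set %}}` variable would keep the three branches from drifting apart. The enclosing `if` block starts outside the hunk.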