authconfig is still failing on first run if sssd is not enabled, and Kerberos is

[nkadel-skyhook]

When LDAP is not enabled, and Kerberos, the sssd.conf file is being updated with Kerberos configurations. But the sssd daemon should not, and on CentOS 6 and 7 cannot run. So the first chef run enabling Kerberos fails because of an attempt to restart sssd, which is a disabled daemon due to the other settings made by authconfig.

You and I have discussed this before: it's still a confusing bug to most. Running chef twice because that ignores broken operations under the first run is not a good approach to configuring security related software.

[jcam]

agreed, not a good approach at all.
I'm waiting for @Sauraus who already went to the trouble of merging a few of the different PRs that add 7 support, fix some of these bugs, etc... he's testing it now. Maybe he has his version available somewhere and we can all get to testing it...
#35

[Sauraus]

I believe this P4 solves the CentOS 7 & ldap problem because I have the very same setup: #41

[jcam]

merged #41 which should resolve this

[jcam]

i'm seeing weird issues with nslcd in this version.. hmm...