From 4fd3445ad7be4707e92f593bef55f6a6c707bd61 Mon Sep 17 00:00:00 2001
From: "Asser M. Zayed" <asserzayed@gmail.com>
Date: Thu, 16 Apr 2026 17:05:03 +0200
Subject: [PATCH] Update Dockerfile to enhance SSSD and SSH configuration
 specially for FreeIPA/IdM setups

Added additional SSSD components and configured SSH for OAuth2/IdP authentication.
---
 schedmd/slurm/25.11/rockylinux9/Dockerfile | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/schedmd/slurm/25.11/rockylinux9/Dockerfile b/schedmd/slurm/25.11/rockylinux9/Dockerfile
index 2017259..0bf4241 100644
--- a/schedmd/slurm/25.11/rockylinux9/Dockerfile
+++ b/schedmd/slurm/25.11/rockylinux9/Dockerfile
@@ -325,13 +325,17 @@ set -xeuo pipefail
 dnf -q -y install --setopt='install_weak_deps=False' \
   socat \
   openssh-server \
-  authselect sssd sssd-ad sssd-ldap
+  authselect sssd sssd-ad sssd-ipa sssd-krb5 sssd-ldap sssd-idp \
+  krb5-pkinit
 # Configure
 mkdir -p /etc/authselect
 authselect select sssd with-mkhomedir --force
 rm -f /etc/ssh/ssh_host_*
 EOR
 
+# Override sshd config to enable keyboard-interactive for OAuth2/IdP auth
+RUN echo "KbdInteractiveAuthentication yes" > /etc/ssh/sshd_config.d/00-ipa-idp.conf
+
 COPY files/etc/supervisord.conf /etc/
 COPY \
   files/etc/supervisord.d/fakesystemd-slurm.ini \