[Freeipa-users] Sudo configuration question
Erinn Looney-Triggs
erinn.looneytriggs at gmail.com
Wed Dec 21 08:28:46 UTC 2011
On 12/20/2011 10:27 PM, Jan Zelený wrote:
>> I have been working through configuring sudo via IPA and ran into the
>> following situation.
>>
>> There is a directive in the documentation to configure
>> /etc/sssd/sssd.conf on the clients with something like the following:
>>
>> ldap_netgroup_search_base = cn=ng,cn=compat,dc=example,dc=com
>>
>>
>> This is pulled from the docse here for reference:
>> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_
>> Management_Guide/example-configuring-sudo.html
>>
>> This is fine and causes no problems, however, when I mistakenly left it
>> out on a few systems, sudo continued to function, so I am wondering what
>> it is that this directive does? Does this get sssd into the loop to
>> cache sudo rules for offline use?
> Support for SUDO in SSSD has been added just about a week ago into master
> branch and is considered experimental right now. And as I understand it, the
> support in SUDO itself is still not entirely complete. So the simple answer
> is: hang on, the support is coming.
>
> Jan
Hmm, that is odd. I am not trying to be on the bleeding edge here, my
sudo setup is taken directly from the RHEL 6.2 documentation concerning
identity management. It would be very strange if RHEL was running such
an experimental and bleeding edge thing in the base RHEL setup.
So I guess to back up a bit here, IF sudo were working with SSSD as it
will in the future would the aforementioned directive be the way to make
it work. Understanding of course that for now it doesn't.
-Erinn
More information about the Freeipa-users
mailing list