Hello,
I noticed that "sudoers files" was default prior over "sudoers sssd" into "/usr/share/authselect/default/sssd/nsswitch.conf" when registering a client.
Sudoers is the only item to be files prior, all other items are sssd prior:
passwd: sss files systemd {exclude if "with-custom-passwd"} group: sss files systemd {exclude if "with-custom-group"} netgroup: sss files {exclude if "with-custom-netgroup"} automount: sss files {exclude if "with-custom-automount"} services: sss files {exclude if "with-custom-services"} sudoers: files sss {include if "with-sudo"}
Is there a reason to keep files priority for sudoers while the client is registered to a domain, and is intended to be first controlled by sssd?
Hi, forwarding the e-mail to Pavel who is authselect maintainer.
On Thu, Oct 14, 2021 at 12:04 AM Nathanaël Blanchet via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
Hello,
I noticed that "sudoers files" was default prior over "sudoers sssd" into "/usr/share/authselect/default/sssd/nsswitch.conf" when registering a client.
Sudoers is the only item to be files prior, all other items are sssd prior:
passwd: sss files systemd {exclude if "with-custom-passwd"} group: sss files systemd {exclude if "with-custom-group"} netgroup: sss files {exclude if "with-custom-netgroup"} automount: sss files {exclude if "with-custom-automount"} services: sss files {exclude if "with-custom-services"} sudoers: files sss {include if "with-sudo"}
Is there a reason to keep files priority for sudoers while the client is registered to a domain, and is intended to be first controlled by sssd?
-- Nathanaël Blanchet
Supervision réseau SIRE 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanchet@abes.fr _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
freeipa-users@lists.fedorahosted.org