On 10/25/2012 06:13 PM, Paul B. Henson wrote:
On 10/25/2012 2:43 AM, Stephen Gallagher wrote:
Paul, this has been proposed as https://fedorahosted.org/sssd/ticket/1376 which is currently slated for inclusion in SSSD 1.10. You're not the first person to request this functionality, but it just hasn't been implemented yet.
Cool. Is anybody actively working/planning to work on this? I notice it is currently owned by "somebody" :). We're fairly hands on, if nobody else is currently working on this we might take a look at it.
Patches are very welcome indeed :-)
Please test with 'id -G' and not just 'id', as the latter doesn't just get the user's group memberships but also retrieves the full contents of each of the groups.
initgroups() isn't a problem; there's no noticeable delay logging in. But I don't think I can reasonably prevent people from running 'id -a' (-G only provides less than informative gids), or even just 'ls -l' on an object owned by one of the large groups...