On Thu, Sep 25, 2014 at 03:46:14PM +0200, Joakim Tjernlund wrote:
Still, I don't see how the above somehow documents sssd's "no root login whatsoever" policy. The docs actually hints the opposite: filter_users, filter_groups (string) Exclude certain users from being fetched from the sss NSS database. This is particularly useful for system accounts. This option can also be set per-domain or include fully-qualified names to filter only users from the particular domain. Default: root
This make me think I only have to add an empty filter_users to allow root
Jocke
You have a point about documenting us dropping root requests. Can you open a ticket upstream?