On Sun, Sep 08, 2013 at 03:42:16PM -0500, Dean Hunter wrote: > On Sat, 2013-09-07 at 19:35 -0400, Dmitri Pal wrote: > > > On 09/07/2013 02:11 PM, Christian Horn wrote: > > > On Sat, Sep 07, 2013 at 12:06:37PM -0500, Dean Hunter wrote: > > >> Are [1] and[2] still the current and best sources of information for > > >> configuring sudo for use with the current release of FreeIPA on Fedora > > >> 19? > > >> > > >> 1. > > >> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/sudo.html > > >> 2. > > >> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf > > > There is also the Identity_Management_Guide as part of the RHEL > > > product documentation: > > > https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html > > This and the pdf above are the latest word in this area. > > > > > Christian > > > > > > _______________________________________________ > > > Freeipa-users mailing list > > > Freeipa-users@redhat.com > > > https://www.redhat.com/mailman/listinfo/freeipa-users > > > > > > Some sudo rules are causing: > > [dean@desktop2 ~]$ sudo id > sudo: internal error, tried to erealloc3(0)
This is a known bug: https://bugzilla.redhat.com/show_bug.cgi?id=1000389 I think the sudo rules are just missing the sudoHost attribute. > > , but others do not. In the trial and error process of determining > which rule specifications are causing the error, I have been restarting > the virtual machine I am using as the sudo client between tests. Is > there a better way to clear the SSSD cache between trials to make sure I > am testing the most recent rule change? Unfortunately right now the only way is to rm the sssd cache which would also remove any cached credentials. I thought there was an RFE open to track the enhancement to make sss_cache invalidate and refresh sudo rules, but I can't find it now in the SSSD trac, so I filed another one: https://fedorahosted.org/sssd/ticket/2081 Worst case, we mark it as a duplicate. _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users