On 09/08/2013 11:11 PM, Jakub Hrozek wrote:
On Sun, Sep 08, 2013 at 03:42:16PM -0500, Dean Hunter wrote:
On Sat, 2013-09-07 at 19:35 -0400, Dmitri Pal wrote:

On 09/07/2013 02:11 PM, Christian Horn wrote:
On Sat, Sep 07, 2013 at 12:06:37PM -0500, Dean Hunter wrote:
Are [1] and [2] still the current and best sources of information for
configuring sudo for use with the current release of FreeIPA on Fedora
19?

1. http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/sudo.html
2. http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
There is also the Identity_Management_Guide as part of the RHEL
product documentation:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html
This and the pdf above are the latest word in this area.

Christian

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users



Some sudo rules are causing:

   [dean@desktop2 ~]$ sudo id
   sudo: internal error, tried to erealloc3(0)

This is a known bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1000389

I think the sudo rules are just missing the sudoHost attribute.


, but others do not.  In the trial and error process of determining
which rule specifications are causing the error, I have been restarting
the virtual machine I am using as the sudo client between tests.  Is
there a better way to clear the SSSD cache between trials to make sure I
am testing the most recent rule change?

Unfortunately right now the only way is to rm the sssd cache which would
also remove any cached credentials.

You don't necessarily have to remove the cache. If you just restart SSSD the rules will be refreshed in approximately 15 seconds.

 I thought there was an RFE open to
track the enhancement to make sss_cache invalidate and refresh sudo
rules, but I can't find it now in the SSSD trac, so I filed another one:
https://fedorahosted.org/sssd/ticket/2081

Worst case, we mark it as a duplicate.
