On Mon, 2013-09-09 at 11:29 +0200, Pavel Březina wrote:
> On 09/08/2013 11:11 PM, Jakub Hrozek wrote:
> > On Sun, Sep 08, 2013 at 03:42:16PM -0500, Dean Hunter wrote:
> >> On Sat, 2013-09-07 at 19:35 -0400, Dmitri Pal wrote:
> >>
> >>> On 09/07/2013 02:11 PM, Christian Horn wrote:
> >>>> On Sat, Sep 07, 2013 at 12:06:37PM -0500, Dean Hunter wrote:
> >>>>> Are [1] and [2] still the current and best sources of information for
> >>>>> configuring sudo for use with the current release of FreeIPA on Fedora
> >>>>> 19?
> >>>>>
> >>>>> 1.
> >>>>> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/sudo.html
> >>>>> 2.
> >>>>> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
> >>>> There is also the Identity_Management_Guide as part of the RHEL
> >>>> product documentation:
> >>>> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html
> >>> This and the pdf above are the latest word in this area.
> >>>
> >>>> Christian
> >>>>
> >>>> _______________________________________________
> >>>> Freeipa-users mailing list
> >>>> Freeipa-users@redhat.com
> >>>> https://www.redhat.com/mailman/listinfo/freeipa-users
> >>>
> >>>
> >>
> >> Some sudo rules are causing:
> >>
> >> [dean@desktop2 ~]$ sudo id
> >> sudo: internal error, tried to erealloc3(0)
> >
> > This is a known bug:
> > https://bugzilla.redhat.com/show_bug.cgi?id=1000389
> >
> > I think the sudo rules are just missing the sudoHost attribute.
> >
> >>
> >> , but others do not. In the trial and error process of determining
> >> which rule specifications are causing the error, I have been restarting
> >> the virtual machine I am using as the sudo client between tests. Is
> >> there a better way to clear the SSSD cache between trials to make sure I
> >> am testing the most recent rule change?
> >
> > Unfortunately right now the only way is to rm the sssd cache which would
> > also remove any cached credentials.
>
> You don't necessarily have to remove the cache. If you just restart SSSD
> the rules will be refreshed in approximately 15 seconds.

Ah! Thank you. I will try to remember that for the next time I have to debug rules.

> I thought there was an RFE open to
> > track the enhancement to make sss_cache invalidate and refresh sudo
> > rules, but I can't find it now in the SSSD trac, so I filed another one:
> > https://fedorahosted.org/sssd/ticket/2081
> >
> > Worst case, we mark it as a duplicate.
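
Jakub's reply in the thread suggests the failing rules lack the sudoHost attribute. The following is an added example, not code from the thread or from the SSSD or FreeIPA projects, that scans an LDIF export of sudoRole entries and lists the DNs with no sudoHost value; the sample LDIF, its DNs and the function names are constructed for illustration.

```python
import base64

# Constructed sample LDIF of sudoRole entries; DNs and names are made up.
SAMPLE_LDIF = """\
dn: cn=with_host,ou=sudoers,dc=example,dc=test
objectClass: sudoRole
sudoUser: dean
sudoHost: desktop2.example.test

dn: cn=no_host,ou=sudoers,dc=example,dc=test
objectClass: sudoRole
sudoUser: dean

dn: cn=folded_b64,ou=sudoers,dc=example,dc=test
objectClass: sudoRole
sudoHo
 st:: QUxM
"""

def parse_ldif(text):
    """Return entries as dicts: lowercase attribute name -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # LDIF folding: continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        name, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if value.startswith(":"):           # "attr:: base64-encoded value"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries

def rules_missing_sudohost(text):
    """DNs of sudoRole entries that carry no non-empty sudoHost value."""
    missing = []
    for entry in parse_ldif(text):
        classes = [c.lower() for c in entry.get("objectclass", [])]
        if "sudorole" in classes and not any(entry.get("sudohost", [])):
            missing.append(entry.get("dn", ["<no dn>"])[0])
    return missing
```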