On Thu, Sep 24, 2015 at 03:39:48PM +0200, Christoph Kaminski wrote: > Hi > > I have 3 problems/questions with ipa and sudo... > > 1. How to make a GLOBAL sudo rule with all the options what I want to > have? (e.g. !authenticate). I have tried to make a sudo rule for all users > on all hosts whom all users but without command and it doesnt work... Do I > need to set it for each rule separately?
Pavel (CC) would know this better, in native sudo there is a global entry but I keep forgetting what it is in IPA.. > > 2. How can I with sss_cache invalidate sudo rules? Do I need ever to kill > all files inside /var/lib/sssd/db? I dont see an option in sss_cache for > this :/ sss_cache can't do that because at the moment the sudo rule updates are kinda complex. See man sssd-sudo for all the different refreshes. You can either cycle sssd by sending it USR1 and then USR2 or tune the cache refreshes. > > 3. How long is the time where sssd invalidates the sudo rules and make a > new look into ipa? Can I set this time? See above. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project