On Thu, Sep 24, 2015 at 03:39:48PM +0200, Christoph Kaminski wrote:
> Hi
> I have 3 problems/questions with ipa and sudo...
> 1. How to make a GLOBAL sudo rule with all the options what I want to 
> have? (e.g. !authenticate). I have tried to make a sudo rule for all users 
> on all hosts whom all users but without command and it doesnt work... Do I 
> need to set it for each rule separately?

Pavel (CC) would know this better, in native sudo there is a global
entry but I keep forgetting what it is in IPA..

> 2. How can I with sss_cache invalidate sudo rules? Do I need ever to kill 
> all files inside /var/lib/sssd/db? I dont see an option in sss_cache for 
> this :/

sss_cache can't do that because at the moment the sudo rule updates are
kinda complex. See man sssd-sudo for all the different refreshes. You
can either cycle sssd by sending it USR1 and then USR2 or tune the cache

> 3. How long is the time where sssd invalidates the sudo rules and make a 
> new look into ipa? Can I set this time?

See above.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to