On Mon, 22 Feb 2016, Prashant Bapat wrote:
Sorry, not an option. I have a couple of 1000s of instances. Aside from
switching OS, is there any other option? I mean the "*" char is allowed in
the standard sudo implementation. To me it seems like there should not be a
host name check on sudo hosts.
sudoers.ldap has a warning that wildcards in sudo entries may not be supported by all LDAP servers.

I don't think using wildcards is a good one, from multiple points of
view. Applying group checks, with auto-membership plugin on IPA side
used to populate the groups is much better maintenance-wise (and
security too, if you ask me).


On 22 February 2016 at 12:22, Alexander Bokovoy <aboko...@redhat.com> wrote:

On Mon, 22 Feb 2016, Prashant Bapat wrote:

SSSD on Amazon Linux is a dead end! I have been trying for a year without any
definitive answer.

Any other suggestions?

Switch to CentOS AMIs.

--
/ Alexander Bokovoy


--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
