On 02/08/2017 11:59 AM, Nathanaël Blanchet wrote:
On the latest IPA, when adding a command to a rule or a sudo option, for
example, the change is not active in the user session.
For example, after removing the !authenticate option, I can still execute
sudo commands without a password.
I tried to log out and log back in, but nothing changes, but on a new VM
where I never logged in before it works.
Is there a cache or something to do so that commands are immediately

Sudo rules are cached on the client and a refresh happens periodically. We have several update mechanisms that deal with finding new rules, deleting non-existent ones and updating expired ones, but it cannot be performed when desired at the moment. We have a ticket for that [1]. Please see 'man sssd-sudo' to get a better understanding of how it works.

It is possible to expire cached rules with sss_cache. This won't find you newly added rules, but it will fetch updated rules and remove deleted ones.

[1] https://fedorahosted.org/sssd/ticket/2884
