Unfortunately sudo package included in amzn linux does not work with sudo rules
provided via SSS however it is in the feature requests list.
To workaround this you can replace it with the CentOS one:
http://mirror.centos.org/centos/6.7/os/x86_64/Packages/sudo-1.8.6p3-19.el6.x86_64.rpm
_
Hi Gustavo,
Using settings from 'ipa-advise config-redhat-sssd-before-1-9' with below
modifications seems to work quite well:
- on ipa server add permisson to read ipaSshPubKey anonymously:
[ipa-server]# ipa permission-add 'Read ipaSshPubKey' --type=user
--attrs=ipaSshPubKey --bindtype=anonym