On Fri, Jul 31, 2015 at 09:19:30AM +0700, Dewangga Bachrul Alam wrote:
Hello!
Sorry for making you confused.
The main problem is the cache on the ipa server/client. How long does the cache
remain active and refresh with the correct policy/rules?
See man sssd-sudo for explanation of the sudo lookups.
On Thu, Jul 30, 2015 at 07:09:47PM +0700, Dewangga Bachrul Alam wrote:
Hello Jakub!
Sorry for the delayed email,
My bad, I disabled cache_credentials, not sssd_cache.
Then I think it's completely unrelated to the sudo rules problem.
I tried modifying my user `dewangga` to remove sudo rules,
Hello Jakub!
Sorry for the delayed email,
My bad, I disabled cache_credentials, not sssd_cache.
I tried modifying my user `dewangga` to remove sudo rules, the cache
is still active even when I restart the sssd service and delete all ccache* files.
There's no information in the sssd log folder.
-rw---. 1
Hello!
I don't know where to start tracking down this issue. I found
something else interesting.
1. Set `global_policy` password expired (both min and max) to 0 (zero)
2. Add user called `dummy`
3. Set global_policy password expired min (1) and max (90).
4. Add user called `dummy2`
Both
On Thu, Jul 30, 2015 at 09:50:23PM +0700, Dewangga Bachrul Alam wrote:
Hello!
I don't know where to start tracking down this issue. I found
something else interesting.
1. Set `global_policy` password expired (both min and max) to 0 (zero)
2. Add user called `dummy`
3. Set
Thanks Martin,
Yes, it is for testing only; when the ipa server is ready for production, I
will enable the cache.
Once again, thank you.
On Thursday, July 30, 2015, Martin Kosek mko...@redhat.com wrote:
On 07/29/2015 05:03 PM, Dewangga wrote:
On 07/29/2015 05:03 PM, Dewangga wrote:
Hello!
Thanks for the hints both of you, yes the sssd_cache is in play.
Good!
I've set the cache to false; does it have any impact on the ipa
server/client (performance, security or another issue)?
Disabling
On Wed, Jul 29, 2015 at 10:03:14PM +0700, Dewangga wrote:
Hello!
Thanks for the hints both of you, yes the sssd_cache is in play.
I've set the cache to false; does it have any impact on the ipa
server/client (performance, security or another
Hello!
I set the cache value to False in sssd.conf (on the IPA server and client).
On Thursday, July 30, 2015, Jakub Hrozek jhro...@redhat.com wrote:
On Wed, Jul 29, 2015 at 10:03:14PM +0700, Dewangga wrote:
Hello!
Thanks for the hints
Hello!
Sorry for making you confused.
The main problem is the cache on the ipa server/client. How long does the cache
remain active and refresh with the correct policy/rules?
Whenever I set the sudo rules or modify another configuration (policy,
etc.), there is always a delay.
And until now, the global_policy
Hello!
Thanks for the hints both of you, yes the sssd_cache is in play.
I've set the cache to false; does it have any impact on the ipa
server/client (performance, security or another issue)?
On 7/29/2015 21:39, Jakub Hrozek wrote:
On Wed, Jul 29, 2015
Hello!
I'm using FreeIPA 4.1.x on CentOS 7. Is there any delay after applying
some rules to a specified user?
[root@ipa ~]# ipa sudorule-show
Rule name: wheel
Rule name: Wheel
Enabled: TRUE
Host category: all
Command category: all
RunAs User category: all
RunAs Group category: all
On 07/29/2015 03:22 PM, Dewangga Bachrul Alam wrote:
Hello!
I'm using FreeIPA 4.1.x on CentOS 7. Is there any delay after applying
some rules to a specified user?
[root@ipa ~]# ipa sudorule-show
Rule name: wheel
Rule name: Wheel
Enabled: TRUE
Host category: all
Command category:
On Wed, Jul 29, 2015 at 04:32:42PM +0200, Martin Kosek wrote:
On 07/29/2015 03:22 PM, Dewangga Bachrul Alam wrote:
Hello!
I'm using FreeIPA 4.1.x on CentOS 7. Is there any delay after applying
some rules to a specified user?
[root@ipa ~]# ipa sudorule-show
Rule name: wheel
Rule