During our evaluation phase we're facing following problem. One particular user
were granted sudo permission with the help of a sudo rule. The user can
successfully access the host via SSH and switched to user root by using the
sudo command, which was enabled for the user with the sudo rule.
Thanks for the fast reply and great support.
The usage of 'entry_cache_sudo_timeout' parameter does the trick.
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Hi,
Today I faced the issue that Kerberos authentication stopped working after
disabling PasswordAuthentication in /etc/ssh/sshd_config on a FreeIPA client.
The deactivation of this option was done due to security issues.
Is it really necessary to have this option set to yes when using
Yesterday I installed the FreeIPA client on machine and after the installation
the login with password worked fine. After that I tried to login with a valid
Kerberos ticket and it failed. First i traced the ssh login:
ssh -vvv da...@test.example.com
---cut---
debug2: key:
configuration and the login with
Kerberos authentication is working now:
[libdefaults]
ignore_acceptor_hostname = true
I'm still wondering what is wrong with the machine's configuration.
- Original Message -
From: Rob Crittenden rcrit...@redhat.com
To: David Kreuter david.kreu
Exactly, this was the issue. After fixing the etc hosts configuration kerberos
authentication works fine for this machine without having this special krb
option set. Thanks!
On 18 April 2014 15:49:50 CEST, Simo Sorce s...@redhat.com wrote:
On Fri, 2014-04-18 at 10:14 +0200, David Kreuter wrote
We have been using FreeIPA since two years and were more than happy. But since
two weeks we are facing unexpected crashed and can not really debug the strange
behaviours. The crashes are definitely not caused by connecting a new system or
changing the LDAP schema heavily. Following IPA is used: