[Touch-packages] [Bug 1607666] Re: sudo fails with host netgroup returned from freeipa
Sorry, cannot confirm on yakkety since we do not deploy there yet. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/1607666 Title: sudo fails with host netgroup returned from freeipa Status in sudo package in Ubuntu: Fix Released Status in sudo source package in Xenial: Fix Committed Status in sudo source package in Yakkety: Fix Committed Bug description: [Impact] Sudo currently fails to validate netgroups against host netgroups returned from the sss plugin, see https://fedorahosted.org/freeipa/ticket/6139 for the glory details. This was fixed in sudo 1.8.17 (https://www.sudo.ws/repos/sudo/rev/2eab4070dcf7 to be exact), which I'd very much like to see backported to Ubuntu 16.04. If possible, updating sudo completely to 1.8.17 would be nice, since there have been quite a few improvements with regards to sss and freeipa and it would be a shame if we could not benefit from them given that 16.04 is LTS. [Test case] install the update, test that sudo works on a freeipa installation that uses netgroups [Regression potential] I looked at upstream commits to sssd.c, and there were no commits that touch this area, so chance of regressions should be slim To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1607666/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1607666] Re: sudo fails with host netgroup returned from freeipa
Can confirm that it works, just pulled it on our machines. ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/1607666 Title: sudo fails with host netgroup returned from freeipa Status in sudo package in Ubuntu: Fix Released Status in sudo source package in Xenial: Fix Committed Status in sudo source package in Yakkety: New Bug description: [Impact] Sudo currently fails to validate netgroups against host netgroups returned from the sss plugin, see https://fedorahosted.org/freeipa/ticket/6139 for the glory details. This was fixed in sudo 1.8.17 (https://www.sudo.ws/repos/sudo/rev/2eab4070dcf7 to be exact), which I'd very much like to see backported to Ubuntu 16.04. If possible, updating sudo completely to 1.8.17 would be nice, since there have been quite a few improvements with regards to sss and freeipa and it would be a shame if we could not benefit from them given that 16.04 is LTS. [Test case] install the update, test that sudo works on a freeipa installation that uses netgroups [Regression potential] I looked at upstream commits to sssd.c, and there were no commits that touch this area, so chance of regressions should be slim To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1607666/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1607666] Re: sudo fails with host netgroup returned from freeipa
Can confirm that this seems to work for us. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/1607666 Title: sudo fails with host netgroup returned from freeipa Status in sudo package in Ubuntu: Confirmed Status in sudo source package in Xenial: Confirmed Status in sudo source package in Yakkety: New Bug description: Sudo currently fails to validate netgroups against host netgroups returned from the sss plugin, see https://fedorahosted.org/freeipa/ticket/6139 for the glory details. This was fixed in sudo 1.8.17 (https://www.sudo.ws/repos/sudo/rev/2eab4070dcf7 to be exact), which I'd very much like to see backported to Ubuntu 16.04. If possible, updating sudo completely to 1.8.17 would be nice, since there have been quite a few improvements with regards to sss and freeipa and it would be a shame if we could not benefit from them given that 16.04 is LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1607666/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1646256] Re: Update sudo for proper support of netgroups
Seems to be a duplicate of https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1607666 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/1646256 Title: Update sudo for proper support of netgroups Status in sudo package in Ubuntu: Confirmed Bug description: sudo v1.8.16 has a bug that prevents it from working properly with netgroups. The main affected usage case that I'm aware of is when using FreeIPA to define host groups, and then using those host groups within sudo rules. It would appear that a release >=1.8.17 resolves the issue. https://bugzilla.redhat.com/show_bug.cgi?id=1348672 https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/sudo.html#abt-sudo2 Package: sudo 1.8.16-0ubuntu1.2 Distribution: Ubuntu 16.04 and later To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1646256/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1607666] [NEW] sudo fails with host netgroup returned from freeipa
Public bug reported: Sudo currently fails to validate netgroups against host netgroups returned from the sss plugin, see https://fedorahosted.org/freeipa/ticket/6139 for the glory details. This was fixed in sudo 1.8.17 (https://www.sudo.ws/repos/sudo/rev/2eab4070dcf7 to be exact), which I'd very much like to see backported to Ubuntu 16.04. If possible, updating sudo completely to 1.8.17 would be nice, since there have been quite a few improvements with regards to sss and freeipa and it would be a shame if we could not benefit from them given that 16.04 is LTS. ** Affects: sudo (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to sudo in Ubuntu. https://bugs.launchpad.net/bugs/1607666 Title: sudo fails with host netgroup returned from freeipa Status in sudo package in Ubuntu: New Bug description: Sudo currently fails to validate netgroups against host netgroups returned from the sss plugin, see https://fedorahosted.org/freeipa/ticket/6139 for the glory details. This was fixed in sudo 1.8.17 (https://www.sudo.ws/repos/sudo/rev/2eab4070dcf7 to be exact), which I'd very much like to see backported to Ubuntu 16.04. If possible, updating sudo completely to 1.8.17 would be nice, since there have been quite a few improvements with regards to sss and freeipa and it would be a shame if we could not benefit from them given that 16.04 is LTS. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1607666/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
