On Fri, 26 Sep 2014 13:44:56 +0200 Joakim Tjernlund <[email protected]> wrote:
> I see this the other way, SSSD has little to no technical reason to > deny an AD root user. SSSD denies access to any 'root' or uid = 0 users from any domain regardless of type. The technical decision was made when we started the project to avoid causing issues recovering a machine should sssd misbheave. By not handling the root user we cannot break the root user login. > It is just an "architectural decision" and best practice > enforced with no way out. Indeed, there is no way out, and SSSD internals make it impossible to easily fix as uid=0 is considered an invalid uid throughout all the caching layer. Sorry it does not meet your expectations, but this is how it works. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
