On 09/25/2015 10:06 AM, Jakub Hrozek wrote:
On Thu, Sep 24, 2015 at 03:39:48PM +0200, Christoph Kaminski wrote:
Hi
I have 3 problems/questions with ipa and sudo...
1. How to make a GLOBAL sudo rule with all the options what I want to
have? (e.g. !authenticate). I have tried to make a sudo rule for all users
on all hosts whom all users but without command and it doesnt work... Do I
need to set it for each rule separately?
Pavel (CC) would know this better, in native sudo there is a global
entry but I keep forgetting what it is in IPA..
Hi, please, create a rule named "defaults".
I see this question is returning frequently. I think it should be
supported directly by user interface.
2. How can I with sss_cache invalidate sudo rules? Do I need ever to kill
all files inside /var/lib/sssd/db? I dont see an option in sss_cache for
this :/
sss_cache can't do that because at the moment the sudo rule updates are
kinda complex. See man sssd-sudo for all the different refreshes. You
can either cycle sssd by sending it USR1 and then USR2 or tune the cache
refreshes.
3. How long is the time where sssd invalidates the sudo rules and make a
new look into ipa? Can I set this time?
See above.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
