On 04/11/2013 09:55 AM, Simo Sorce wrote:
Because the PAM stack is completely separate from the NSS stack, although we suggest people to not do this normally you can use an option in nsswitch.conf to avoid falling through NSS modules during the initgroups call to avoid paying the penalty for local users. The option is called 'initgroupss', where you can list files and sss as databases. Note that we normally *do not* recommend this option, here is a discussion of the why: https://bugzilla.redhat.com/show_bug.cgi?id=835612 Simo.
Thanks, that works as a workaround. If I can get an answer to my earlier question about sss_aduser in a LOCAL domain I'll consider migrating completely to sssd for local and domain logins, at which point I can remove this modification to nsswitch.
/Harry
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
