Simo Sorce <[email protected]> wrote on 2014/09/26 18:34:56: > > On Fri, 26 Sep 2014 13:44:56 +0200 > Joakim Tjernlund <[email protected]> wrote: > > > I see this the other way, SSSD has little to no technical reason to > > deny an AD root user. > > SSSD denies access to any 'root' or uid = 0 users from any domain > regardless of type. > The technical decision was made when we started the project to avoid > causing issues recovering a machine should sssd misbheave. By not > handling the root user we cannot break the root user login. > > > It is just an "architectural decision" and best practice > > enforced with no way out. > > Indeed, there is no way out, and SSSD internals make it impossible to > easily fix as uid=0 is considered an invalid uid throughout all the > caching layer. > > Sorry it does not meet your expectations, but this is how it works.
I understand better now. Thank you for bearing with me and the history lesson. We will adapt and make sure sudo and k5login are setup on every install. Jocke _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
