This bug was fixed in the package sudo - 1.8.16-0ubuntu1.3
---------------
sudo (1.8.16-0ubuntu1.3) xenial; urgency=medium
* sssd-doesnt-handle-netgroups.diff, sssd-fix-matching-loop.diff:
Only check username as part of the netgroup when netgroup_tuple is enabled.
(LP: #1607666)
-- Timo Aaltonen <tjaal...@debian.org> Sat, 14 Jan 2017 01:54:21 +0200
** Changed in: sudo (Ubuntu Xenial)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1607666
Title:
sudo fails with host netgroup returned from freeipa
Status in sudo package in Ubuntu:
Fix Released
Status in sudo source package in Xenial:
Fix Released
Status in sudo source package in Yakkety:
Fix Committed
Bug description:
[Impact]
Sudo currently fails to validate netgroups against host netgroups returned
from the sss plugin, see https://fedorahosted.org/freeipa/ticket/6139 for the
glory details.
This was fixed in sudo 1.8.17
(https://www.sudo.ws/repos/sudo/rev/2eab4070dcf7 to be exact), which
I'd very much like to see backported to Ubuntu 16.04. If possible,
updating sudo completely to 1.8.17 would be nice, since there have
been quite a few improvements with regards to sss and freeipa and it
would be a shame if we could not benefit from them given that 16.04 is
LTS.
[Test case]
install the update, test that sudo works on a freeipa installation that uses
netgroups
[Regression potential]
<tjaalton> I looked at upstream commits to sssd.c, and there were no commits
that touch this area, so chance of regressions should be slim
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1607666/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
