It can now be enabled with 'authselect select sssd with-sudo',
see [1] for details.
[1] 4b1981a672
From 4b1981a67216f56e67cff3887fe38ee8063ee0b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Wed, 9 May 2018 14:27:56 +0200
Subject: [PATCH] sssd: disable sudo by default
SSSD's sudo responder is not enabled by default on Fedora systems,
therefore having it enabled in nsswitch.conf produced warnings in
logs or sudo mails.
---
profiles/sssd/README | 3 +++
profiles/sssd/nsswitch.conf | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/profiles/sssd/README b/profiles/sssd/README
index d2e104f80ce1c1993c683f5c5331f09e8afa1ee9..a7e6e640eefa1268586169b7349e8ed6d062066f 100644
--- a/profiles/sssd/README
+++ b/profiles/sssd/README
@@ -50,6 +50,9 @@ with-fingerprint::
with-silent-lastlog::
Do not produce pam_lastlog message during login.
+with-sudo::
+ Allow sudo to use SSSD as a source for sudo rules in addition of /etc/sudoers.
+
EXAMPLES
--------
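Review bot: The new with-sudo:: entry says only that sudo may use SSSD as a rule source; it does not tell the reader that SSSD's sudo responder also has to be enabled, which the commit message gives as the reason the sss entry was producing warnings in logs and sudo mails. Suggest adding a sentence to that effect so that selecting the feature does not bring the warnings back. Also, "in addition of /etc/sudoers" should read "in addition to /etc/sudoers".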
diff --git a/profiles/sssd/nsswitch.conf b/profiles/sssd/nsswitch.conf
index fa5d76a9594dca9b9e192af7774600451557e5c5..cde7964a8531ae2b5e28ed6bf5428731b80b6ece 100644
--- a/profiles/sssd/nsswitch.conf
+++ b/profiles/sssd/nsswitch.conf
@@ -3,7 +3,7 @@ group: sss files
netgroup: sss files
automount: sss files
services: sss files
-sudoers: files sss
+sudoers: files {if "with-sudo":sss}
shadow: files
ethers: files
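Review bot: The changed sudoers line drops sss for every system that uses this profile without with-sudo, so a host that currently gets its sudo rules from SSSD will fall back to the files source only, with no error, the next time the profile is applied. Suggest calling out this change of default in the commit message or the README so that administrators know to select with-sudo when they update. Minor: with the feature off, the space before {if "with-sudo":sss} is left at the end of the line unless the template renderer trims it; moving the space inside the conditional avoids that.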
--
2.14.3