[Freeipa-users] sudo rules in IPA infrastructure
Jakub Hrozek
jhrozek at redhat.com
Sat May 19 17:16:39 UTC 2012
On Fri, May 18, 2012 at 02:35:18PM -0700, Gelen James wrote:
> Hi all,
> Are the sudo rules applied to IPA clients through nss_ldap, instead of
> sssd?
Neither :-)
sudo looks up the user information via the standard name-service-switch
maps, so if your machine is configured to fetch user and group
information using the sss NSS module in nsswitch.conf, then the requests
get to sssd.
As Stephen Ingram pointed out elsewhere in this thread, sudo only reads
the nss_ldap/nss-pam-ldapd config files but establishes the connection
to the LDAP server and fetches the data on its own.
More information about the Freeipa-users
mailing list