[Freeipa-users] Sudo entry not found by sssd in the cache db
Alexander Bokovoy
abokovoy at redhat.com
Tue Sep 15 10:58:07 UTC 2015
On Tue, 15 Sep 2015, Molnár Domokos wrote:
>>#hostnamectl set-hostname nappali.silva
>>on modern systems.
>>
>>> doma at nappali:/home/doma> hostname --fqdn
>>> nappali.szilva
> doma at nappali:/home/doma> su
>Password:
>nappali:/home/doma # hostnamectl set-hostname nappali.szilva
>nappali:/home/doma # hostname
>nappali.szilva
>nappali:/home/doma # hostname --fqdn
>nappali.szilvanappali:/home/doma # su doma
>sh-4.2$ sudo ls
>doma's password:
>20140921.ZIP Oracle_VM_VirtualBox_Extension_Pack-4.3.26-98988.vbox-extpack
>42646515_eb8d7dcabe416247463f1bc8652adced.pdf
> Now it works, the rule is matched.I'm not sure this is the
> intended way especially seeing the fqdn mechanism in the sudo code
> but I'll just keep it that way.Thank you.
sudo doesn't do normalization and IPA's way of exposing host names is
by using by default fqdn. So sudo compares local hostname with
fqdn-based one, guess which way it will succeed?
You theoretically could have every hostname in IPA registered non-fqdn
but what you cannot have is a mix between fqdn- and non-fqdn names.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list