[Freeipa-users] sudo options/sss_cache
Jakub Hrozek
jhrozek at redhat.com
Fri Sep 25 08:06:36 UTC 2015
On Thu, Sep 24, 2015 at 03:39:48PM +0200, Christoph Kaminski wrote:
> Hi
>
> I have 3 problems/questions with ipa and sudo...
>
> 1. How to make a GLOBAL sudo rule with all the options that I want to
> have? (e.g. !authenticate). I have tried to make a sudo rule for all users
> on all hosts whom all users but without command and it doesn't work... Do I
> need to set it for each rule separately?

Pavel (CC) would know this better; in native sudo there is a global
entry, but I keep forgetting what it is in IPA.

>
> 2. How can I with sss_cache invalidate sudo rules? Do I need ever to kill
> all files inside /var/lib/sssd/db? I don't see an option in sss_cache for
> this :/

sss_cache can't do that because at the moment the sudo rule updates are
kinda complex. See man sssd-sudo for all the different refreshes. You
can either cycle sssd by sending it USR1 and then USR2 or tune the cache
refreshes.

>
> 3. How long is the time where sssd invalidates the sudo rules and makes a
> new look into ipa? Can I set this time?

See above.
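
For the "tune the cache refreshes" option mentioned in the reply, here is an added sssd.conf fragment (not part of the original message) showing the sudo refresh settings documented in sssd-ldap(5) and sssd.conf(5). The domain name and the shortened values are assumptions chosen for illustration; these intervals bound how long a changed sudo rule can stay stale on a client.

```ini
# Constructed example; "example.test" is a placeholder domain name.
[domain/example.test]
# Full refresh: all cached sudo rules are deleted and replaced with the
# rules currently on the server. Default: 21600 seconds (6 hours).
# Must be greater than ldap_sudo_smart_refresh_interval.
ldap_sudo_full_refresh_interval = 3600

# Smart refresh: downloads only rules that are new or were modified since
# the last update. Default: 900 seconds (15 minutes).
ldap_sudo_smart_refresh_interval = 300

# How long sudo considers cached rules valid before asking the backend
# again. Default: 5400 seconds.
entry_cache_sudo_timeout = 600
```

Restart sssd after changing these values so the new intervals take effect.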