[Freeipa-users] SUDO and group lookup in AD trust

Jakub Hrozek jhrozek at redhat.com
Thu Aug 25 08:32:40 UTC 2016


On Thu, Aug 25, 2016 at 09:24:34AM +0200, Troels Hansen wrote:
> Hmm, sometimes the man page actually helps....
> 
> It seems setting "default_domain_suffix" to allow users to log in, without the domain part changes use_fully_qualified_names default to true, without the option of setting it false.....
> 
> So, we have two options:
> - Have users always use their full login including domain
> - Setting default_domain_suffix to help the users and efficiently break SUDO?
> 
> Can this be true?

Yes, sudo together with default_domain_suffix only works with 1.14+
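The interaction discussed in this thread can be checked mechanically. The following is an added example, not part of the original messages or of SSSD itself: it audits an sssd.conf for `default_domain_suffix` combined with the sudo service or with `use_fully_qualified_names = False`. It assumes "1.14+" in the reply means the SSSD version; the sample config, domain names and the `audit` helper are constructed for illustration.

```python
import configparser

# Constructed sample config (not from the thread); domain names are placeholders.
SAMPLE_CONF = """
[sssd]
services = nss, pam, sudo
domains = ipa.example.test
default_domain_suffix = ad.example.test

[domain/ipa.example.test]
id_provider = ipa
use_fully_qualified_names = False
"""

MIN_SUDO_OK = (1, 14)  # "1.14+" from the reply; assumed to be the SSSD version


def parse_version(text):
    """Turn '1.13.4' into (1, 13) for comparison against MIN_SUDO_OK."""
    major, minor = text.strip().split(".")[:2]
    return int(major), int(minor)


def audit(conf_text, sssd_version):
    """Return findings for the default_domain_suffix / sudo interaction."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    if not cp.has_section("sssd"):
        return findings
    suffix = cp.get("sssd", "default_domain_suffix", fallback="").strip()
    if not suffix:
        return findings  # option unset: nothing to check
    services = [s.strip() for s in cp.get("sssd", "services", fallback="").split(",")]
    if "sudo" in services and parse_version(sssd_version) < MIN_SUDO_OK:
        findings.append("sudo with default_domain_suffix needs 1.14+ (have %s)" % sssd_version)
    for section in cp.sections():
        # The option forces fully qualified names; an explicit False conflicts with it.
        if section.startswith("domain/") and not cp.getboolean(
                section, "use_fully_qualified_names", fallback=True):
            findings.append("%s sets use_fully_qualified_names = False" % section)
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, "1.13.4"):
        print("WARN:", finding)
```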



