6f4bba5546
Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout Resolves: upstream#3562 - Use-after free if more sudo requests run and one of them fails, causing a fail-over to a next server Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed Resolves: rhbz#1479283 - proxy to files does not work with implicit_files_domain Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system
42 lines
1.8 KiB
Diff
42 lines
1.8 KiB
Diff
From a0f79dd38cffc5ad382aae9baba76863678c26ee Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
|
Date: Fri, 20 Oct 2017 11:49:26 +0200
|
|
Subject: [PATCH 10/79] sudo: document background activity
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
When we introduced socket activation, we changed the internall behaviour.
|
|
Previously we disabled sudo if it was not listed in services, with
|
|
socket activation we removed this feature. Some users were confused
|
|
so this change documents current behaviour.
|
|
|
|
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
---
|
|
src/man/sssd.conf.5.xml | 8 ++++++++
|
|
1 file changed, 8 insertions(+)
|
|
|
|
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
|
|
index 1e8d9537517c85c3021b9c2c4185ea272c5bfffa..b247b5ac75a82d45f29023f5f9ca24a3a7a5ce0c 100644
|
|
--- a/src/man/sssd.conf.5.xml
|
|
+++ b/src/man/sssd.conf.5.xml
|
|
@@ -2348,6 +2348,14 @@ pam_account_locked_message = Account locked, please contact help desk.
|
|
<manvolnum>5</manvolnum>
|
|
</citerefentry>.
|
|
</para>
|
|
+ <para>
|
|
+ <emphasis>NOTE:</emphasis> Sudo rules are
|
|
+ periodically downloaded in the background unless
|
|
+ the sudo provider is explicitly disabled. Set
|
|
+ <emphasis>sudo_provider = None</emphasis> to
|
|
+ disable all sudo-related activity in SSSD if you do
|
|
+ not want to use sudo with SSSD at all.
|
|
+ </para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
--
|
|
2.15.1
|
|
|