sssd/0010-sudo-document-background-activity.patch
Lukas Slebodnik 6f4bba5546 Backport most important bug fixes
Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in
                          setnetgrent_result_timeout
Resolves: upstream#3562 - Use-after free if more sudo requests run and one
                          of them fails, causing a fail-over to a next server
Resolves: upstream#3588 - sssd_nss consumes more memory until restarted
                          or machine swaps
Resolves: failure in glibc tests
          https://sourceware.org/bugzilla/show_bug.cgi?id=22530
Resolves: upstream#3451 - When sssd is configured with id_provider proxy and
                          auth_provider ldap, login fails if the LDAP server
                          is not allowing anonymous binds
Resolves: upstream#3285 - SSSD needs restart after incorrect clock is
                          corrected with AD
Resolves: upstream#3586 - Give a more detailed debug and system-log message
                          if krb5_init_context() failed
Resolves: rhbz#1479283 - proxy to files does not work with
                         implicit_files_domain
Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet
                         in /etc/systemd/system
2017-12-04 22:23:49 +01:00

42 lines
1.8 KiB
Diff

From a0f79dd38cffc5ad382aae9baba76863678c26ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Fri, 20 Oct 2017 11:49:26 +0200
Subject: [PATCH 10/79] sudo: document background activity
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When we introduced socket activation, we changed the internall behaviour.
Previously we disabled sudo if it was not listed in services, with
socket activation we removed this feature. Some users were confused
so this change documents current behaviour.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
---
src/man/sssd.conf.5.xml | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 1e8d9537517c85c3021b9c2c4185ea272c5bfffa..b247b5ac75a82d45f29023f5f9ca24a3a7a5ce0c 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -2348,6 +2348,14 @@ pam_account_locked_message = Account locked, please contact help desk.
<manvolnum>5</manvolnum>
</citerefentry>.
</para>
+ <para>
+ <emphasis>NOTE:</emphasis> Sudo rules are
+ periodically downloaded in the background unless
+ the sudo provider is explicitly disabled. Set
+ <emphasis>sudo_provider = None</emphasis> to
+ disable all sudo-related activity in SSSD if you do
+ not want to use sudo with SSSD at all.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
--
2.15.1