https://bugzilla.redhat.com/show_bug.cgi?id=711693
Also see the thread
https://www.redhat.com/archives/freeipa-devel/2011-June/msg00069.html
Will be looked at again in 2.2 but no guarantee.
This is currently being worked on in FreeIPA 3.4 in ticket #3566. When this feature is done, you will be able to select who can read the sudo container and its data (all users, authenticated or just a specific group of users).
This ticket is not complete yet, moving to next month's milestone.
Access to sudo objects can now be controlled via managed permissions:
master: 7786ff6
The default is to allow read access to all authenticated users, but it can also be restricted to only a group of users. See #3566 for details.
Metadata Update from @dpal: - Issue assigned to pviktori - Issue set to the milestone: FreeIPA 4.0 - 2014/04