Learn more about these different git repos.
Other Git URLs
This request came from Daniel.
The sudo binary needs a method to only download cn=defaults in addition to sending defaults along with a user record.
We need to extend the wire protocol with a new method that would send back cn=defaults only.
Fields changed
owner: somebody => pbrezina status: new => assigned
A little more context:
In the structure that the SUDO LDAP schema uses, there is a special record whose CN attribute is "defaults". Its meaning is equivalent to the "Defaults" line in /etc/sudoers - it carries options that should be applied to all the rules (for example env_keep+=SSH_AUTH_SOCK).
When sudo evaluates the rules, it asks for sudoRule "cn=defaults" (that is hardcoded in the sudo binary) and parses out the options.
Currently the API for communication between sudo and sssd only has one method that downloads and returns all the rules that apply for a given user and returns the rules ALONG WITH the "cn=defaults" record.
During development of the sudo part Daniel discovered it would be more handy to have a special method for rules that apply to the user and a special method to retreive only "cn=defaults".
patch: 0 => 1
milestone: NEEDS_TRIAGE => SSSD 1.8 SUDO Support
rhbz: => 0
master:
resolution: => fixed status: assigned => closed
Metadata Update from @jhrozek: - Issue assigned to pbrezina - Issue set to the milestone: SUDO Support
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2185
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.