[Pkg-sssd-devel] Bug#913297: nsswitch.conf: don't add sss to sudo, if ipa-client-install was run with --no-sudo
Harald Dunkel
harald.dunkel at aixigo.de
Fri Nov 9 09:20:00 GMT 2018
Package: libsss-sudo
Version: 1.16.3-2
ipa client was installed with
ipa-client-install --no-ssh --no-sshd --no-nisdomain --no-sudo --no-ntp --no-dns-sshfp
Problem: libsss-sudo.postinst adds an entry "sss" to the sudo line
in nsswitch.conf. This triggers a ton of notification EMails in
our monitoring software (zabbix). Something like 30 EMails per
minute. For each ipa client with this sudo line.
Of course we can modify our monitoring somehow, or kick out sudo from
nsswitch.conf completely, but is it reasonable to configure sss for
sudo, if it was explicitly disabled on the ipa-client-install command
line?
Regards
Harri
More information about the Pkg-sssd-devel
mailing list