[Pkg-sssd-devel] Bug#913297: Bug#913297: nsswitch.conf: don't add sss to sudo, if ipa-client-install was run with --no-sudo
Timo Aaltonen
tjaalton at debian.org
Fri Nov 9 09:35:23 GMT 2018
On 9.11.2018 11.20, Harald Dunkel wrote:
> Package: libsss-sudo
> Version: 1.16.3-2
>
> ipa client was installed with
>
> ipa-client-install --no-ssh --no-sshd --no-nisdomain --no-sudo
> --no-ntp --no-dns-sshfp
>
> Problem: libsss-sudo.postinst adds an entry "sss" to the sudo line
> in nsswitch.conf. This triggers a ton of notification EMails in
> our monitoring software (zabbix). Something like 30 EMails per
> minute. For each ipa client with this sudo line.
>
> Of course we can modify our monitoring somehow, or kick out sudo from
> nsswitch.conf completely, but is it reasonable to configure sss for
> sudo, if it was explicitly disabled on the ipa-client-install command
> line?
'no-sudo' does nothing on Debian, because we don't have
authconfig/authselect like Fedora. Maybe freeipa-client should only
Recommend the package (like sssd-common), so that you can remove it if
not needed.
--
t
More information about the Pkg-sssd-devel
mailing list