Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/1143
This request came from Daniel.
The sudo binary needs a method to only download cn=defaults in addition to sending defaults along with a user record.
We need to extend the wire protocol with a new method that would send back cn=defaults only.
Comments
Comment from pbrezina at 2012-01-16 10:24:18
Fields changed
owner: somebody => pbrezina
status: new => assigned
Comment from jhrozek at 2012-01-16 16:28:03
A little more context:
In the structure that the SUDO LDAP schema uses, there is a special record whose CN attribute is "defaults". Its meaning is equivalent to the "Defaults" line in /etc/sudoers - it carries options that should be applied to all the rules (for example env_keep+=SSH_AUTH_SOCK).
When sudo evaluates the rules, it asks for sudoRule "cn=defaults" (that is hardcoded in the sudo binary) and parses out the options.
Currently the API for communication between sudo and sssd only has one method that downloads and returns all the rules that apply for a given user and returns the rules ALONG WITH the "cn=defaults" record.
During development of the sudo part Daniel discovered it would be more handy to have a special method for rules that apply to the user and a special method to retrieve only "cn=defaults".
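The split described in the comment above, sketched as an added example (not SSSD or sudo code, and not part of the original issue). The function names and the sample sudoRole entries are constructed for illustration, and sudoUser matching is simplified to plain names, %group and ALL.

```python
import re

# Constructed sample sudoRole entries (sudoers LDAP schema), not from the issue.
ENTRIES = [
    {"cn": "defaults", "sudoOption": ["env_keep+=SSH_AUTH_SOCK", "!requiretty"]},
    {"cn": "admins", "sudoUser": ["alice", "%wheel"], "sudoHost": ["ALL"],
     "sudoCommand": ["ALL"], "sudoOption": ["!authenticate"]},
    {"cn": "backup", "sudoUser": ["bob"], "sudoHost": ["ALL"],
     "sudoCommand": ["/usr/bin/rsync"]},
]

# "flag", "!flag", "name=value", "name+=value", "name-=value"
OPTION_RE = re.compile(r"(!?)(\w+)\s*(\+=|-=|=)?\s*(.*)")

def get_defaults(entries):
    """Hypothetical 'defaults only' query: return just the cn=defaults record."""
    return [e for e in entries if e["cn"].lower() == "defaults"]

def get_user_rules(entries, user, groups=()):
    """Hypothetical 'rules for user' query: matching rules, without cn=defaults."""
    wanted = {user, "ALL"} | {"%" + g for g in groups}
    return [e for e in entries
            if e["cn"].lower() != "defaults" and wanted & set(e.get("sudoUser", []))]

def apply_options(settings, options):
    """Apply sudoOption strings on top of existing settings, in order."""
    out = {k: list(v) if isinstance(v, list) else v for k, v in settings.items()}
    for opt in options:
        m = OPTION_RE.fullmatch(opt.strip())
        if not m:
            continue  # skip malformed options
        neg, name, op, value = m.groups()
        value = value.strip("\"'")
        if op is None:
            out[name] = not neg              # boolean flag, "!" negates it
        elif op == "=":
            out[name] = value
        else:                                # "+=" / "-=" edit a list value
            current = list(out[name]) if isinstance(out.get(name), list) else []
            for item in value.split():
                if op == "+=" and item not in current:
                    current.append(item)
                elif op == "-=" and item in current:
                    current.remove(item)
            out[name] = current
    return out

def effective_options(entries, rule):
    """Options from cn=defaults first, then the rule's own sudoOption values."""
    settings = {}
    for d in get_defaults(entries):
        settings = apply_options(settings, d.get("sudoOption", []))
    return apply_options(settings, rule.get("sudoOption", []))
```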
Comment from pbrezina at 2012-01-17 18:00:19
Fields changed
patch: 0 => 1
Comment from dpal at 2012-01-19 15:39:17
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.8 SUDO Support
Comment from dpal at 2012-01-19 16:23:28
Fields changed
rhbz: => 0
Comment from jhrozek at 2012-01-28 17:09:31
master:
resolution: => fixed
status: assigned => closed
Comment from jhrozek at 2017-02-24 14:29:58
Metadata Update from @jhrozek: