On Mon, 22 Feb 2016, Prashant Bapat wrote:
Sorry not an option. I have couple of 1000s of instances. Aside from
switching OS is there any other option? I mean "*" char is allowed in
standard sudo implementation. To me it seems like there should not be a
host name check on sudo hosts.
sudoers.ldap has a warning that wildcards in sudo entries may not be
supported by all LDAP servers.
I don't think using wildcards is a good one, from multiple points of
view. Applying group checks, with auto-membership plugin on IPA side
used to populate the groups is much better maintenance-wise (and
security too, if you ask me).
On 22 February 2016 at 12:22, Alexander Bokovoy <[email protected]> wrote:
On Mon, 22 Feb 2016, Prashant Bapat wrote:
SSSD on Amazon linux is a dead end! I have tried since a year without any
definitive answer.
Any other suggestions ?
Switch to CentOS AMIs.
--
/ Alexander Bokovoy
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
