On Thu, Jul 25, 2013 at 06:01:09PM +0000, Licause, Al (CSC AMS BCS - UNIX/Linux Network Support) wrote:
> Is that to say that when using this under RHEL v6.3 in which we use
> sssd to authenticate the user and then /etc/sudo-ldap.conf to affect
> the sudo commands, there is no caching?

There is no caching of *sudo rules*. Caching of the user and his
credentials is still available.

> And are you also stating that this should work w/o sssd and just the
> combination of /etc/ldap.conf and /etc/sudo-ldap.conf?

Define "this". You still need something to read the user identities
with, be it sssd, nss-pam-ldapd or something completely different. sudo
can't do it by itself.

> If so, I'm confused because everything I've read states that ldap.conf
> is no longer used in RH V6 or at least 6.3 and beyond. I cannot get
> authentication to work with ldap.conf alone, having shut down sssd.

On 6.3, the alternative to SSSD for user and group lookups is
nss-pam-ldapd. Just configuring ldap.conf is not enough.

> But I can understand that if a utility outside of sssd is necessary
> to get sudo working for ldap users, that caching is disabled for that
> function. Am I correct in my assumptions?

Correct.
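
The split described in the replies (one service for user identities, sudo's own LDAP lookup for rules) can be checked on a host from its name service switch configuration. The script below is an added example, not part of the original thread; reading the `passwd` and `sudoers` lines of nsswitch.conf, the function names and the sample configuration are assumptions that the messages do not mention.

```shell
#!/bin/sh
# Added example (not from the thread): read an nsswitch.conf on stdin and
# report what supplies user identities and what supplies sudo rules.

# nss_sources DB: print the sources configured for one database,
# dropping comments and [STATUS=action] items.
nss_sources() {
    sed 's/#.*//' | awk -v db="$1:" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i !~ /^\[/) printf "%s ", $i }'
}

# check_sudo_ldap: print "identities=<src> sudo_rules=<src>".
# Returns 1 when sudo rules come from LDAP but no LDAP-capable identity
# source (sss or ldap) is configured, since sudo cannot look up users itself.
check_sudo_ldap() {
    conf=$(cat)
    ids=$(printf '%s\n' "$conf" | nss_sources passwd)
    rules=$(printf '%s\n' "$conf" | nss_sources sudoers)
    case " $ids " in
        *" sss "*)  idsrc=sss ;;     # SSSD
        *" ldap "*) idsrc=ldap ;;    # nss-pam-ldapd on RHEL 6 (assumption)
        *)          idsrc=none ;;
    esac
    case " $rules " in
        *" ldap "*) rulesrc=ldap ;;  # sudo reads /etc/sudo-ldap.conf; rules are not cached
        *)          rulesrc=other ;;
    esac
    echo "identities=$idsrc sudo_rules=$rulesrc"
    [ "$rulesrc" != ldap ] || [ "$idsrc" != none ]
}

# Constructed sample: SSSD for identities, sudo rules read straight from LDAP.
sample_nsswitch() {
    cat <<'EOF'
passwd:   files sss
group:    files sss
sudoers:  files ldap   # uses /etc/sudo-ldap.conf
EOF
}

sample_nsswitch | check_sudo_ldap
```

On a real host, run it as `check_sudo_ldap < /etc/nsswitch.conf`.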