On 1/22/21 3:11 PM, Judd Gaddie wrote:
Is there any way to use nsswitch or another mechanism to not bother
using sss when it matches a sudo rule locally?
Something like sudoers: files [SUCCESS=return] sss
I don't think that sudo supports this.
I am looking for a way to bypass sssd's performance issues by
using local sudoers files while at the same time still having sss for other rules.
Can you share sudo and sssd log files?
https://sssd.io/docs/users/troubleshooting/sudo_troubleshooting.html
Do you have only local sudoers or also some rules in LDAP?