URL: https://github.com/SSSD/sssd/pull/574 Author: fidencio Title: #574: cache_req: Don't force a fqname for files provider output Action: opened
PR body: """ As we're enforcing the output of files provider to be fully-qualified we can face some weirdness when using domain_resolution_order as: [user@implicit_files@machine]$
This is not only not coherent but also causes issues when the local user, which is managed by the files provider, tries to do a `sudo su`. In this scenario, the user is asked by the password (doesn't matter whether it's part of sudoers) and never is allowed to log-in.
In order to avoid the issues described above, let's just not force the output of the files provider to be fully-qualified.
NOTE: I do not understand clearly why the issue with sudo happens.
"""
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/574/head:pr574 git checkout pr574
URL: https://github.com/SSSD/sssd/pull/574 Title: #574: cache_req: Don't force a fqname for files provider output
fidencio commented: """ I've dropped an email to both @jhrozek and @pbrezina about the sudo behaviour and I'll update the commit message and this PR as soon as I hear back from them. """
See the full comment at https://github.com/SSSD/sssd/pull/574#issuecomment-390686185
URL: https://github.com/SSSD/sssd/pull/574 Title: #574: cache_req: Don't force a fqname for files provider output
fidencio commented: """ CI: http://vm-031.$%7Babc%7D/logs/job/89/35/summary.html """
See the full comment at https://github.com/SSSD/sssd/pull/574#issuecomment-390703262
URL: https://github.com/SSSD/sssd/pull/574 Author: fidencio Title: #574: cache_req: Don't force a fqname for files provider output Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/574/head:pr574 git checkout pr574
URL: https://github.com/SSSD/sssd/pull/574 Title: #574: cache_req: Don't force a fqname for files provider output
fidencio commented: """ I have updated the commit message based on the discussion I had with @pbrezina and @jhrozek.
From the updated commit message: " As the most common scenario for *local* users is to have the user (non-fully-qualified) in sudoers and, as sudo simply compares usernames, changing the output from non fully-qualified to fully-qualified would break this scenario, not allowing the user which has sudo access to use sudo. " """
See the full comment at https://github.com/SSSD/sssd/pull/574#issuecomment-390916369
URL: https://github.com/SSSD/sssd/pull/574 Title: #574: cache_req: Don't force a fqname for files provider output
pbrezina commented: """ I agree that a files provider implicitly should not use qualified names. Please, also document it in sssd.conf man page. Otherwise ack.
"""
See the full comment at https://github.com/SSSD/sssd/pull/574#issuecomment-391358876
URL: https://github.com/SSSD/sssd/pull/574 Title: #574: cache_req: Don't force a fqname for files provider output
Label: +Changes requested
URL: https://github.com/SSSD/sssd/pull/574 Author: fidencio Title: #574: cache_req: Don't force a fqname for files provider output Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/574/head:pr574 git checkout pr574
URL: https://github.com/SSSD/sssd/pull/574 Title: #574: cache_req: Don't force a fqname for files provider output
fidencio commented: """ I've updated the man page, please, let me know if you have some suggestion for a more clear sentence. """
See the full comment at https://github.com/SSSD/sssd/pull/574#issuecomment-391389379
URL: https://github.com/SSSD/sssd/pull/574 Title: #574: cache_req: Don't force a fqname for files provider output
Label: -Changes requested
URL: https://github.com/SSSD/sssd/pull/574 Title: #574: cache_req: Don't force a fqname for files provider output
pbrezina commented: """ I'm fine with this description. Ack. """
See the full comment at https://github.com/SSSD/sssd/pull/574#issuecomment-391658436
URL: https://github.com/SSSD/sssd/pull/574 Title: #574: cache_req: Don't force a fqname for files provider output
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/574 Title: #574: cache_req: Don't force a fqname for files provider output
fidencio commented: """ master: 7f6ff80 a16d974 74a5147 """
See the full comment at https://github.com/SSSD/sssd/pull/574#issuecomment-392449761
URL: https://github.com/SSSD/sssd/pull/574 Author: fidencio Title: #574: cache_req: Don't force a fqname for files provider output Action: closed
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/574/head:pr574 git checkout pr574
URL: https://github.com/SSSD/sssd/pull/574 Title: #574: cache_req: Don't force a fqname for files provider output
Label: +Pushed
URL: https://github.com/SSSD/sssd/pull/574 Title: #574: cache_req: Don't force a fqname for files provider output
Label: -Accepted
sssd-devel@lists.fedorahosted.org
-
fidencio -
jhrozek
-
pbrezina