On 10/25/2012 2:43 AM, Stephen Gallagher wrote:
Paul, this has been proposed as
https://fedorahosted.org/sssd/ticket/1376 which is currently slated for
inclusion in SSSD 1.10. You're not the first person to request this
functionality, but it just hasn't been implemented yet.
Cool. Is anybody actively working/planning to work on this? I notice it
is currently owned by "somebody" :). We're fairly hands on, if nobody
else is currently working on this we might take a look at it.
Please test with 'id -G' and not just 'id', as the
latter doesn't just
get the user's group memberships but also retrieves the full contents of
each of the groups.
initgroups() isn't a problem; there's no noticeable delay logging in.
But I don't think I can reasonably prevent people from running 'id -a'
(-G only provides less than informative gids), or even just 'ls -l' on
an object owned by one of the large groups...
--
Paul B. Henson | (909) 979-6361 |
http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst | henson(a)csupomona.edu
California State Polytechnic University | Pomona CA 91768