On 10/25/2012 06:13 PM, Paul B. Henson wrote:
On 10/25/2012 2:43 AM, Stephen Gallagher wrote:
> Paul, this has been proposed as
which is currently slated for
> inclusion in SSSD 1.10. You're not the first person to request this
> functionality, but it just hasn't been implemented yet.
Cool. Is anybody actively working/planning to work on this? I notice
it is currently owned by "somebody" :). We're fairly hands on, if
nobody else is currently working on this we might take a look at it.
Patches are very welcome indeed :-)
> Please test with 'id -G' and not just 'id', as the latter doesn't
> get the user's group memberships but also retrieves the full contents of
> each of the groups.
initgroups() isn't a problem; there's no noticeable delay logging in.
But I don't think I can reasonably prevent people from running 'id -a'
(-G only provides less than informative gids), or even just 'ls -l' on
an object owned by one of the large groups...
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
Looking to carve out IT costs?