Thank you for the thorough explanation.

Spike

On Tue, Jul 28, 2020 at 9:08 AM Pavel Březina <pbrezina@redhat.com> wrote:
On 7/27/20 11:07 AM, Lukas Slebodnik wrote:
> On (26/07/20 12:08), Spike White wrote:
>> All,
>>
>> sssd front-end, AD back-end.    Does sssd use initgroups to use initial
>> group membership?
>>
>> I was recently debugging a sssd connection problem in the
>> /var/log/sssd/sssd* logs (debug level 9), and I thought I saw a reference
>> to initgroups or getgrouplist().
>>
>> My /etc/nsswitch.conf file has:
>>
>>   passwd:  files systemd sss
>>   group:  files systemd sss
>>
>> Should I also have a line with:
>>
>>   initgroups:  files systemd sss
>>
>
> glibc will try to use all possible modules if initgroups is missing in
> /etc/nsswitch.conf.
>
> I would not recommend adding such a line to nsswitch.conf.

If the initgroups line is present, it behaves quite differently than what you
would expect, and you need to add [SUCCESS=continue] after each module
to get the same result.

If it is not present, it defaults to the "group" map with sane behavior.

This is a nice explanation of the problem:
https://bugs.gentoo.org/682314#c2
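
An added example, not part of the thread and not sssd or glibc code: a small Python check that parses nsswitch.conf text and reports whether an `initgroups` line is present and which modules lack `[SUCCESS=continue]`, following the behavior described in the replies above. The sample files are constructed, the function names are hypothetical, and negated criteria such as `[!SUCCESS=...]` are not handled.

```python
import re

# Constructed sample inputs (not taken from any real host).
SAMPLE_NO_INITGROUPS = """\
passwd:  files systemd sss
group:   files systemd sss
"""
SAMPLE_WITH_INITGROUPS = SAMPLE_NO_INITGROUPS + "initgroups:  files systemd sss\n"
SAMPLE_FIXED = SAMPLE_NO_INITGROUPS + (
    "initgroups: files [SUCCESS=continue] systemd [SUCCESS=continue] "
    "sss [SUCCESS=continue]\n")


def parse_nsswitch(text):
    """Return {database: [(module, {STATUS: action}), ...]}."""
    dbs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if ":" not in line:
            continue
        name, spec = line.split(":", 1)
        entries = []
        # A token is either a bracketed action list or a module name.
        for tok in re.findall(r"\[[^\]]*\]|\S+", spec):
            if not tok.startswith("["):
                entries.append((tok, {}))
            elif entries:  # actions apply to the module just before them
                for crit in tok[1:-1].split():
                    status, _, action = crit.partition("=")
                    entries[-1][1][status.upper()] = action.lower()
        dbs[name.strip().lower()] = entries
    return dbs


def initgroups_report(text):
    """Report which modules can cut the supplementary-group lookup short."""
    dbs = parse_nsswitch(text)
    if "initgroups" not in dbs:
        # No initgroups line: the "group" map is used, as the thread describes.
        return {"source": "group", "stops_early_after": []}
    entries = dbs["initgroups"]
    # Nothing follows the last module, so its action cannot hide later ones.
    early = [mod for mod, acts in entries[:-1]
             if acts.get("SUCCESS", "return") != "continue"]
    return {"source": "initgroups", "stops_early_after": early}
```

A non-empty `stops_early_after` list means groups from later modules (here `sss`) may be missing from a user's supplementary groups when an earlier module answers first.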