On 7/27/20 11:07 AM, Lukas Slebodnik wrote:
On (26/07/20 12:08), Spike White wrote:
> sssd front-end, AD back-end. Does sssd use initgroups to use initial
> group membership?
> I was recently debugging a sssd connection problem in the
> /var/log/sssd/sssd* logs (debug level 9). and I thought I saw a reference
> to initgroups. or getgrouplist().
> my /etc/nsswitch.conf file has:
> passwd: files systemd sss
> group: files systemd sss
> Should I also have a line with:
> initgroups: files systemd sss
glibc will try to use all possible modules if initgroups is missing in
I would not recommend adding such line to nsswitch.conf
If initgroups line is present it behaves quite differently then what you
would expected and you need to add [SUCCESS=continue] after each module
to get the same result.
If it is not preset it default to "group" map with sane behavior.
This is nice explanation of the problem: