[sudo-users] sudo on Solaris 10 non global zone with Powerbroker Open 7
Martin, Jeff
Jeff.Martin at tais.toshiba.com
Wed Jun 27 15:17:42 EDT 2012
Todd,
I disabled lsass in /etc/nsswitch.conf for groups and its now as fast as we are used to.
However, wouldn't it be bad to leave it disabled?
Jeff
-----Original Message-----
From: Todd C. Miller [mailto:Todd.Miller at courtesan.com]
Sent: Wednesday, June 27, 2012 12:16 PM
To: Martin, Jeff; sudo-users at sudo.ws
Subject: Re: [sudo-users] sudo on Solaris 10 non global zone with Powerbroker Open 7
On Wed, 27 Jun 2012 15:03:48 EDT, "Todd C. Miller" wrote:
> It is possible that the problem is with the Powerbroken Open nss
> module when resolving groups. You could try using local groups
> file in /etc/nsswitch.conf and see if sudo returns more quickly.
Alternately, you could create /etc/sudo.conf with a line like:
Debug sudo /var/log/sudo_debug nss at trace
then run a sudo command. If you look in /var/log/sudo_debug
for the lines that contain:
-> make_grlist_item
and
<- make_grlist_item
and compare the timestamps for the -> (function entered) and <-
(function exit) lines, if you see that function taking several
minutes then the problem is with group ID to name resolution in the
Powerbroken Open nss module.
- todd
________________________________
This message may contain confidential information. If you are not the intended recipient of this e-mail, do not disseminate, distribute or copy this e-mail and delete this e-mail from your system.
More information about the sudo-users
mailing list