[sudo-users] sudo + sssd backend on FreeBSD 10.3 client
Todd C. Miller
Todd.Miller at sudo.ws
Tue Feb 20 18:27:29 MST 2018
On Tue, 20 Feb 2018 14:09:09 -0700, "Todd C. Miller" wrote:
> All the netgroup lookups appear to be for "netgroup" followed by a
> number and they are used in a host context. That leads me to believe
> these are sss host groups being shadowed as netgroups by FreeIPA.
I realized after I sent this that those are probably just the
sanitized names. Either way, the sudoers policy in LDAP/sss does
seem to be relying on host netgroups.
> Putting the netgroup database in a local NIS server would probably
> be quite a bit faster.
I think running an NIS server on the local machine for netgroups
is probably your best bet. Since under NIS netgroups are backed
by database files, not a flat file, lookups should be noticeably
faster.
- todd