[sudo-users] sudo on Solaris 10 non global zone with Powerbroker Open 7
Todd C. Miller
Todd.Miller at courtesan.com
Wed Jun 27 15:15:42 EDT 2012
On Wed, 27 Jun 2012 15:03:48 EDT, "Todd C. Miller" wrote:
> It is possible that the problem is with the Powerbroken Open nss
> module when resolving groups. You could try using local groups
> file in /etc/nsswitch.conf and see if sudo returns more quickly.
Alternately, you could create /etc/sudo.conf with a line like:
Debug sudo /var/log/sudo_debug nss at trace
then run a sudo command. If you look in /var/log/sudo_debug
for the lines that contain:
-> make_grlist_item
and
<- make_grlist_item
and compare the timestamps for the -> (function entered) and <-
(function exit) lines, if you see that function taking several
minutes then the problem is with group ID to name resolution in the
Powerbroken Open nss module.
- todd
More information about the sudo-users
mailing list