[sudo-users] sudo on Solaris 10 non global zone with Powerbroker Open 7
Jeff.Martin at tais.toshiba.com
Wed Jun 27 15:17:42 EDT 2012
I disabled lsass in /etc/nsswitch.conf for groups and its now as fast as we are used to.
However, wouldn't it be bad to leave it disabled?
From: Todd C. Miller [mailto:Todd.Miller at courtesan.com]
Sent: Wednesday, June 27, 2012 12:16 PM
To: Martin, Jeff; sudo-users at sudo.ws
Subject: Re: [sudo-users] sudo on Solaris 10 non global zone with Powerbroker Open 7
On Wed, 27 Jun 2012 15:03:48 EDT, "Todd C. Miller" wrote:
> It is possible that the problem is with the Powerbroken Open nss
> module when resolving groups. You could try using local groups
> file in /etc/nsswitch.conf and see if sudo returns more quickly.
Alternately, you could create /etc/sudo.conf with a line like:
Debug sudo /var/log/sudo_debug nss at trace
then run a sudo command. If you look in /var/log/sudo_debug
for the lines that contain:
and compare the timestamps for the -> (function entered) and <-
(function exit) lines, if you see that function taking several
minutes then the problem is with group ID to name resolution in the
Powerbroken Open nss module.
This message may contain confidential information. If you are not the intended recipient of this e-mail, do not disseminate, distribute or copy this e-mail and delete this e-mail from your system.
More information about the sudo-users