[sudo-users] listpw/verifypw issues with sssd and ldap

Michael Fischer mfischer at zendesk.com
Sun Apr 10 11:13:57 MDT 2016

On Sat, Apr 9, 2016 at 6:59 PM, Todd C. Miller <Todd.Miller at courtesan.com>

> When you have multiple sudoers sources specified they are evaluated
> separately.  This results in the inconsistency you see.  If you
> only use "sudoers: ldap" or "sudoers: sss" things should work as
> expected.  Sudo should really only skip the password requirement
> if all sudoers sources allow it but that's not currently how it
> behaves.

How do we address this?  Is it a simple fix?  Can you clarify the
documentation in the interim?

Best regards,


More information about the sudo-users mailing list