diff options
author | Pavel Březina <pbrezina@redhat.com> | 2015-07-29 14:51:30 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-08-14 22:47:45 +0200 |
commit | 52e3ee5c5ff2c5a4341041826a803ad42d2b2de7 (patch) | |
tree | 643f0c422bf83050e3cff3131961c9569f4d19b0 /src/config | |
parent | ef7de95fc4827a660254a942fa394f34ed9694a9 (diff) | |
download | sssd-52e3ee5c5ff2c5a4341041826a803ad42d2b2de7.tar.gz sssd-52e3ee5c5ff2c5a4341041826a803ad42d2b2de7.tar.xz sssd-52e3ee5c5ff2c5a4341041826a803ad42d2b2de7.zip |
sudo: use "higher value wins" when ordering rules
This commit changes the default ordering logic (lower value wins) to
a correct one that is used by native ldap support. It also adds a new
option sudo_inverse_order to switch to the original SSSD (incorrect)
behaviour if needed.
Resolves:
https://fedorahosted.org/sssd/ticket/2682
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/config')
-rw-r--r-- | src/config/SSSDConfig/__init__.py.in | 1 | ||||
-rw-r--r-- | src/config/etc/sssd.api.conf | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index 49de53eaa..6294d595b 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -92,6 +92,7 @@ option_strings = { # [sudo] 'sudo_timed' : _('Whether to evaluate the time-based attributes in sudo rules'), + 'sudo_inverse_order' : _('If true, SSSD will switch back to lower-wins ordering logic'), # [autofs] 'autofs_negative_timeout' : _('Negative cache timeout length (seconds)'), diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index cf6ce6301..2e5b02e3e 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -63,6 +63,7 @@ pam_account_expired_message = str, None, false [sudo] # sudo service sudo_timed = bool, None, false +sudo_inverse_order = bool, None, false [autofs] # autofs service |