[GRLUG] SuSE 13.2 group weirdness
Gary Greene
greeneg at tolharadys.net
Tue Oct 6 15:12:27 EDT 2015
Agreed with Adam on this. As an admin who has worked in fairly large LDAP shops (both OpenLDAP and AD), I appreciate this change with SSSD.
--
Gary L. Greene, Jr.
==============================================================================
Volunteer developer of the KDE F/OSS project and Project Lead for AltimatOS
http://www.kde.org/ http://www.altimatos.com/
Please refrain from sending me proprietary binary documents (Doc, Xls, Ppt)
Use a free office suite with standards approved formats like LibreOffice.
http://www.libreoffice.org/
==============================================================================
> On Oct 6, 2015, at 11:59 AM, Adam Tauno Williams <awilliam at whitemice.org> wrote:
>
> Quoting "L. V. Lammert" <lvl at omnitec.net>:
>> Built a new server (minimal install), and it is exhibiting some strange
>> group behavior!
>> A UID is in three groups, *but* only the primary group shows at login!
>> After that, one can 'newgrp' to a different group of which you are Member,
>> and if you are not a Member of that group, it requires a password.
>> Has anyone ever seen behavior like this? It's a new one to me!
>
> Are you using SSSD for ident?
>
> This is sort of a 'new default'. Group enumeration due to absurdities in the NSS functions can be scandalously inefficient; even more so now that many identity systems support nested groups [Ugh!]. Group membership may not be enumerated, but it should work for interrogation.
>
> Lots of new code and subsystems work this way.
>
> It is a *feature* you can toggle *off* if you really need getpwent() et al to enumerate all groups. But generally all it will do is make things slower.
>
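The difference between enumeration and interrogation described in the thread can be checked on a host with the following added example, which is not part of the original messages. It compares the groups found by walking the group database (the getgrent() path) with those returned by a direct per-user lookup (getgrouplist()); the function names and the sample data are hypothetical and constructed for illustration.

```python
import grp
import os
import pwd
import sys
from collections import namedtuple

# Same field names as the entries returned by grp.getgrall().
Group = namedtuple("Group", "gr_name gr_passwd gr_gid gr_mem")


def groups_by_enumeration(user, primary_gid, all_groups):
    """GIDs found by walking the whole group database (getgrent() path)."""
    gids = {primary_gid}
    for g in all_groups:
        if user in g.gr_mem:
            gids.add(g.gr_gid)
    return gids


def compare(user, primary_gid, all_groups, looked_up_gids):
    """Return (only_via_lookup, only_via_enumeration) as sorted GID lists."""
    enumerated = groups_by_enumeration(user, primary_gid, all_groups)
    looked_up = set(looked_up_gids)
    return sorted(looked_up - enumerated), sorted(enumerated - looked_up)


def check_live(user):
    """Run the comparison against this host's NSS configuration."""
    pw = pwd.getpwnam(user)
    return compare(
        user,
        pw.pw_gid,
        grp.getgrall(),                     # enumeration: setgrent/getgrent
        os.getgrouplist(user, pw.pw_gid),   # direct lookup: getgrouplist()
    )


# Constructed sample: enumeration lists only local groups, while the
# directory-backed groups (GIDs 5001, 5002) appear only on direct lookup.
SAMPLE_ENUMERATED = [
    Group("users", "x", 100, []),
    Group("wheel", "x", 10, ["alice"]),
]
SAMPLE_LOOKUP = [100, 10, 5001, 5002]

if __name__ == "__main__":
    user = sys.argv[1] if len(sys.argv) > 1 else pwd.getpwuid(os.getuid()).pw_name
    hidden, extra = check_live(user)
    print(f"{user}: only via lookup {hidden}, only via enumeration {extra}")
```

GIDs reported as "only via lookup" are memberships that tools relying on enumeration will not see, even though access checks that query the user directly still honor them.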