From a0f79dd38cffc5ad382aae9baba76863678c26ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Fri, 20 Oct 2017 11:49:26 +0200
Subject: [PATCH 10/79] sudo: document background activity
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When we introduced socket activation, we changed the internall behaviour.
Previously we disabled sudo if it was not listed in services, with
socket activation we removed this feature. Some users were confused
so this change documents current behaviour.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
---
 src/man/sssd.conf.5.xml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 1e8d9537517c85c3021b9c2c4185ea272c5bfffa..b247b5ac75a82d45f29023f5f9ca24a3a7a5ce0c 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -2348,6 +2348,14 @@ pam_account_locked_message = Account locked, please contact help desk.
                                  <manvolnum>5</manvolnum>
                              </citerefentry>.
                         </para>
+                        <para>
+                            <emphasis>NOTE:</emphasis> Sudo rules are
+                            periodically downloaded in the background unless
+                            the sudo provider is explicitly disabled. Set
+                            <emphasis>sudo_provider = None</emphasis> to
+                            disable all sudo-related activity in SSSD if you do
+                            not want to use sudo with SSSD at all.
+                        </para>
                     </listitem>
                 </varlistentry>
                 <varlistentry>
-- 
2.15.1