From 5c7170c6d602f0bb3208487d860417bde59ab60b Mon Sep 17 00:00:00 2001
From: Pavel Březina <pbrezina@redhat.com>
Date: Oct 26 2017 08:30:45 +0000
Subject: sudo: document background activity


When we introduced socket activation, we changed the internall behaviour.
Previously we disabled sudo if it was not listed in services, with
socket activation we removed this feature. Some users were confused
so this change documents current behaviour.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

---

diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index 47da07c..6be3cd4 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -2355,6 +2355,14 @@ pam_account_locked_message = Account locked, please contact help desk.
                                  <manvolnum>5</manvolnum>
                              </citerefentry>.
                         </para>
+                        <para>
+                            <emphasis>NOTE:</emphasis> Sudo rules are
+                            periodically downloaded in the background unless
+                            the sudo provider is explicitly disabled. Set
+                            <emphasis>sudo_provider = None</emphasis> to
+                            disable all sudo-related activity in SSSD if you do
+                            not want to use sudo with SSSD at all.
+                        </para>
                     </listitem>
                 </varlistentry>
                 <varlistentry>