Cause: sudo rules can be stored in a centralized identity store such as LDAP and fetched over the network.
Consequence: When the network is not reachable, the sudo client cannot use the rules from the centralized source.
Change: A new sudo responder was implemented in the SSSD as well as a client library in the sudo itself. The SSSD is able to act as a transparent proxy for serving the sudo rules for the sudo binary,
Result: When the centralized sudo rules source is not available, for instance when the network is down, the SSSD is able to fall back to cached rules, providing transparent access to sudo rules from a centralized database.