[Fedora-directory-users] Sudo over tls/ssl connection

Greg Hetrick greg.hetrick at gmail.com
Wed Aug 1 19:31:09 UTC 2007


This client is RHEL 5 -- I tried various different configs including the one
you pasted below.

What I did find out eventually is that sudo on RHEL 5 is compiled with
libldap support; this was not the case in RHEL 4.5 -- so I recompiled and
re-installed the rpm to exclude libldap support and now it works fine.

Thanks,
Greg

On 8/1/07, Josh Kelley <joshkel at gmail.com> wrote:
>
> On 7/31/07, Greg Hetrick <greg.hetrick at gmail.com> wrote:
> > I am having a problem with sudo when I am running in a TLS/SSL connection, I
> > am able to ssh into the client and verified that the connection is secure,
> > but once logged in to the client machine I am unable to use sudo.
> >
> > I am seeing multiple re-tries in the access logs that appear to close:
> >
> > When I do the same thing without a TLS/SSL connection sudo works fine.
> >
> > and eventually, I get
> >
> > sudo: uid 1000 does not exist in the passwd file!
>
> Based on the symptoms and logs, this sounds more like a client problem
> than a problem with FDS.  What OS / distro are you running?  What does
> your /etc/ldap.conf look like?  Recent versions of Fedora, for
> example, are fairly strict in how /etc/ldap.conf is configured.  The
> following configuration works for me, although it could probably be
> improved:
>
> uri ldaps://ldap1.example.com/ ldaps://ldap2.example.com/
> ssl on
> tls_cacertfile /etc/pki/tls/certs/ca-localauthority.crt
> host ldap1.example.com ldap2.example.com
>
> Josh Kelley