[Freeipa-users] another sudo su question
Steven Jones
Steven.Jones at vuw.ac.nz
Tue Jul 17 22:09:20 UTC 2012
This is exactly my sort of thing as well.
We seem to be in the freeipa group yet ppl are telling me to use pam.d...no one has really said you cannot do this in IPA, or you can and this is how......
:/
The very idea of using IPA is to stop having to do such local configuration....
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of KodaK [sakodak at gmail.com]
Sent: Wednesday, 18 July 2012 3:50 a.m.
To: freeipa-users at redhat.com
Subject: [Freeipa-users] another sudo su question
I've been banging my head on this for a couple of days, and I can't
find anything in the docs or by searching.
I'm trying to do what I think should be pretty simple: I have a group
of users and an application account, all in IPA. I want users in that
group to be able to "sudo su - appacct".
What I've found is that I probably can't do it exactly like that, so
now I'm trying "sudo -i appacct", but I can't get that to work either.
My rule is set up like this:
rule name: become-appacct
sudo option: -i appacct (I'm not sure this is right.)
user groups: admins, appgroup
host groups: apphostgroup
Everything else is blank. Note that this is just the current
configuration, I've tried a bunch of iterations.
Any help?
Thanks,
--Jason
--
The government is going to read our mail anyway, might as well make it
tough for them. GPG Public key ID: B6A1A7C6
_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list