[Freeipa-users] sudo questions

Jakub Hrozek jhrozek at redhat.com
Tue Oct 9 05:59:58 UTC 2012


On Tue, Oct 09, 2012 at 12:04:24AM +0200, Sigbjorn Lie wrote:
> Hi,
> 

Hi Siggi,

> 3. sudo integration with SSSD does not work when anonymous LDAP
> authentication is disabled at the server. Enabling verbose logging
> in SSSD seems to suggest that it's attempting anonymous auth only.
> (sssd-1.8.4-14.fc17.x86_64)

This is a known limitation of both 1.8 and 1.9. SSSD-1.9 documentation
includes an example on how to configure the sudo provider against an IPA
server:
    http://jhrozek.fedorapeople.org/sssd/1.9.1/man/sssd-sudo.5.html

We're tracking creating a native IPA sudo backend in SSSD-1.10:
    https://fedorahosted.org/sssd/ticket/1108

> 6. Adding a sudo command having multiple commands listed (such as:
> "/sbin/route, /sbin/ifconfig, /bin/ping")
> is allowed in IPA and does list it correctly as allowed commands
> when doing "sudo -l", however attempting to execute one of the
> commands in the list using sudo fails.

This was with SSSD or nss-pam-ldapd?
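
Added example, not part of the original message: an sssd.conf fragment of the kind the sssd-sudo(5) man page describes, binding with GSSAPI and the host keytab so that sudo rule lookups work when anonymous LDAP binds are disabled (point 3 above). The domain name, host names, realm and base DN are placeholders to replace with your own.

```ini
# /etc/sssd/sssd.conf (fragment; all example.com values are placeholders)
[sssd]
# "sudo" must be listed so the sudo responder is started
services = nss, pam, sudo
domains = example.com

[domain/example.com]
# existing id_provider / auth_provider settings for the domain stay as they are

# SSSD 1.8/1.9 have no native IPA sudo backend, so use the LDAP sudo provider
sudo_provider = ldap
ldap_uri = ldap://ipa.example.com
ldap_sudo_search_base = ou=SUDOers,dc=example,dc=com

# Authenticated bind with the host principal from /etc/krb5.keytab
# instead of an anonymous bind
ldap_sasl_mech = GSSAPI
ldap_sasl_authid = host/client.example.com
ldap_sasl_realm = EXAMPLE.COM
krb5_server = ipa.example.com
```

sudo itself must also be told to consult SSSD, with `sudoers: files sss` in /etc/nsswitch.conf.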



