[Freeipa-users] sudo questions

Sigbjorn Lie sigbjorn at nixtra.com
Tue Oct 9 09:02:37 UTC 2012




On Tue, October 9, 2012 07:59, Jakub Hrozek wrote:
> On Tue, Oct 09, 2012 at 12:04:24AM +0200, Sigbjorn Lie wrote:
>
>> Hi,
>>
>>
>
> Hi Siggi,
>
>
>> 3. sudo integration with SSSD does not work when anonymous LDAP
>> authentication is disabled at the server. Enabling verbose logging in
>> SSSD seems to suggest that it's attempting anonymous auth only.
>> (sssd-1.8.4-14.fc17.x86_64)
>>
>
> This is a known limitation of both 1.8 and 1.9. SSSD-1.9 documentation
> includes an example on how to configure the sudo provider against an IPA server:
> http://jhrozek.fedorapeople.org/sssd/1.9.1/man/sssd-sudo.5.html
>
>
> We're tracking creating a native IPA sudo backend in SSSD-1.10:
> https://fedorahosted.org/sssd/ticket/1108
>

OK


>
>> 6. Adding a sudo command having multiple commands listed (such as:
>> "/sbin/route, /sbin/ifconfig, /bin/ping
>> <https://lieipa01.ix.nixtra.com/ipa/ui/#/sbin/route,%20/sbin/ifconfig,%20/bin/ping,%20/sbin/dhclient,%20/usr/bin/net,%20/sbin/iptables,%20/usr/bin/%20rfcomm,%20/usr/bin/wvdial,%20/sbin/iwconfig,%20/sbin/mii-tool>")
>> is allowed in IPA and does list it correctly as allowed commands when
>> doing "sudo -l", however attempting to execute one of the commands in
>> the list using sudo fails.
>>
>
> This was with SSSD or nss-pam-ldapd?


ldap directly, not sssd.


regards,
Siggi




