AIX

  • 1.  ldap group in sudoers file?

    Posted Fri August 12, 2011 01:47 PM

    Originally posted by: SystemAdmin


    I'm trying to have sudoers look up LDAP groups.

    me@machine:/$ groups
    is-staff unix-admins
    me@machine:/$ lsgroup unix-admins
    unix-admins id=7777 users=me registry=KRB5ALDAP

    /etc/sudoers:
    %unix-admins ALL=(ALL) ALL

    This keeps asking for a password, but
    %unix-admins ALL=(ALL) NOPASSWD:ALL

    works fine. Any ideas for me to avoid using NOPASSWD, as this kind of defeats the purpose of using sudo?

    Thanks!


  • 2.  Re: ldap group in sudoers file?

    Posted Fri August 12, 2011 02:22 PM

    Originally posted by: Juredd1


    The password it's asking for is the password for the user running the sudo command, not the password for the person they are trying to sudo to. In your case it may be a command running a script or something. Anyway, again, it's the password for the user running the command, so they hopefully know their own password.


  • 3.  Re: ldap group in sudoers file?

    Posted Fri August 12, 2011 02:39 PM

    Originally posted by: SystemAdmin


    I'm aware that it's the password of the user executing sudo.

    Though my assumption is that sudo is checking a PAM module for auth and not either LDAP or KRB5ALDAP. Is there any way to force sudo to do LDAP authorization?