[32786] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Using ksu/sudo with Kerberos

daemon@ATHENA.MIT.EDU (Brian Candler)
Sat Oct 9 13:29:25 2010

Date: Sat, 9 Oct 2010 18:29:12 +0100
From: Brian Candler <B.Candler@pobox.com>
To: "rommudoh@googlemail.com" <julian@vgai.de>
Message-ID: <20101009172912.GA2212@talktalkplc.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <2b3729f3-1860-4f00-93b8-2acf242156ea@i13g2000yqd.googlegroups.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit

On Fri, Oct 08, 2010 at 06:16:31AM -0700, rommudoh@googlemail.com wrote:
> On Oct 5, 10:03 am, Brian Candler <B.Cand...@pobox.com> wrote:
> > sudo's testing for group membership seems a lot more attractive in that
> > regard.
> 
> Can it test this using LDAP, too?

Sure: using nss_ldap then you ldap uid, gid and supplementary groups via
LDAP.  Then in /etc/sudoers you just check for membership of a particular
group.

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[32786] in Kerberos

Re: Using ksu/sudo with Kerberos

daemon@ATHENA.MIT.EDU (Brian Candler)Sat Oct 9 13:29:25 2010

daemon@ATHENA.MIT.EDU (Brian Candler)
Sat Oct 9 13:29:25 2010