Using ksu/sudo with Kerberos
Brian Candler
B.Candler at pobox.com
Sat Oct 9 13:29:12 EDT 2010
On Fri, Oct 08, 2010 at 06:16:31AM -0700, rommudoh at googlemail.com wrote:
> On Oct 5, 10:03 am, Brian Candler <B.Cand... at pobox.com> wrote:
> > sudo's testing for group membership seems a lot more attractive in that
> > regard.
>
> Can it test this using LDAP, too?
Sure: using nss_ldap then you ldap uid, gid and supplementary groups via
LDAP. Then in /etc/sudoers you just check for membership of a particular
group.
More information about the Kerberos
mailing list