Have any advice for using LDAP to manage sudo (privileged) access?
On Mon, Mar 15, 2010 at 6:06 PM, Rick Stevens <ricks@xxxxxxxx> wrote:
On 03/15/2010 04:04 PM, Tom H wrote:
>>> Rather than create different /etc/sudoers for each box, can't you use
>>> a name service (with >1500 boxes you must already have one running)
>>> and set up netgroups for users, commands, boxes, and auths?
>
>> Yes, name service (DNS) is running but not supported by my department.
>> This infrastructure has grown into what it is now for a long time. I am
>> trying to straighten it out.
>
> By "name service," I meant NIS, NIS+, LDAP.

I second that. You have to join the 21st century sometime. LDAP is
a good choice AND you can manage the sudo file from it as well (a thing
I've found VERY useful).
NIS was invented by Sun, NIS+ expanded upon it. Almost all Unixish
systems will support NIS/NIS+. Most will support LDAP (Solaris, Linux,
FreeBSD, HP/UX for sure).
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, C2 Hosting ricks@xxxxxxxx -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- If at first you don't succeed, quit. No sense being a damned fool! -
----------------------------------------------------------------------
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
--
Jamie Bohr
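
Added example, not part of the original thread: a minimal pair of sudoRole entries (sudo's LDAP schema) showing the netgroup approach discussed above, where one rule covers a group of users on a group of hosts instead of a per-box /etc/sudoers. The base DN, netgroup names and command paths are constructed placeholders.

```ldif
# Constructed example: dc=example,dc=com, the netgroup names and the
# command paths are placeholders, not values from the thread.

# Global defaults entry; sudo reads cn=defaults before any other sudoRole.
dn: cn=defaults,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
description: sudoOptions applied to every role
sudoOption: env_reset

# One rule for many boxes: members of the user netgroup "webadmins" may
# run only the listed commands, as root, on hosts in the host netgroup
# "webservers". A leading "+" marks a netgroup in sudoUser and sudoHost.
dn: cn=web-restart,ou=SUDOers,dc=example,dc=com
objectClass: top
objectClass: sudoRole
cn: web-restart
sudoUser: +webadmins
sudoHost: +webservers
sudoRunAsUser: root
sudoCommand: /sbin/service httpd restart
sudoCommand: /sbin/service httpd status
```

Assuming sudo's native LDAP backend, clients read these entries once /etc/nsswitch.conf contains "sudoers: files ldap" and sudoers_base in sudo's ldap.conf points at ou=SUDOers,dc=example,dc=com. Listing explicit command paths rather than ALL keeps each role to least privilege.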