[PATCHES] SUDO integration - first iteration
by Pavel Březina
https://fedorahosted.org/sssd/ticket/623
Helpful links:
- SUDO plugin API
http://www.gratisoft.us/sudo/man/1.8.1/sudo_plugin.man.html
What does it do currently?
1. sudo plugin sends input data to responder
2. responder sends back to plugin that user is allowed to run the
command
What does it not do?
- Doesn't require any PAM authentication
- Doesn't read anything from LDAP
- Doesn't set any environment variables (or reset the current environment)
  This can actually cause some trouble for applications; so far I've
  encountered an error message in VIM (no $HOME specified)
How to test it?
1. Install SUDO version 1.8 or greater
   I am running 1.8.2 built from source:
   ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.2.tar.gz
2. Enable SUDO plugin in /etc/sudo.conf
   Plugin sss_sudo_policy /usr/lib/sudo/libsss_sudoplugin.so
   Unfortunately, SUDO doesn't allow more than one policy
   plugin to be activated, so comment out the standard sudoers plugin.
3. Enable it in sssd.conf ;-)
   services += sudo
4. Run sssd
5. Run sudo
   I left some debug messages in there, so don't worry when you see:
   CMD Return code: 0
   errnop: 0
   Command exited with status 0
   in the output. But tell me if there is anything other than 0 :-)
[PATCH 1/5]
Adds a client function that allows the client to send data to the responder,
and sets the sudo responder protocol version.
[PATCH 2/5]
SUDO plugin.
[PATCH 3/5]
SUDO responder.
[PATCH 4/5]
Configure and Makefile updates so we can build plugin and responder.
[PATCH 5/5]
Just a little update that adds sudo responder to known services of monitor.
12 years, 5 months
sssd caching
by Thomas Jagt
Hi,
We have authentication running against the AD. We configured the cache_credentials option to be sure that login works if the AD fails.
But when we disable an account in the AD, sssd is not updating its cache. When there is a connection between sssd and the AD, the user is still able to log in.
Is there an option to enable synchronization between the sssd cache and the AD?
Thanx and Regards
12 years, 5 months
[PATCH] SBUS: Fix DEBUG log matching
by Stephen Gallagher
This log message should only be displayed at the most verbose of
log levels. Since it didn't match, it was resulting in a Coverity
error warning of the printing of an uninitialized value (fd).
12 years, 5 months
[PATCH] Typo fixes
by Marko Myllynen
Hi,
Fix a few trivial typos reported by Yuri.
Cheers,
--
Marko Myllynen
12 years, 5 months