[389-users] Passwordless sudo - is it possible?

Alan Willis alwillis at riotgames.com
Mon Nov 2 15:54:33 UTC 2015


To get NOPASSWD behavior when using ldap to distribute your sudo records,
you need to add a sudo options attribute to the sudo rule in ldap to negate
the default authentication requirement.

From http://www.sudo.ws/man/1.8.13/sudoers.man.html

authenticate:

If set, users must authenticate themselves via a password (or other means
of authentication) before they may run commands. This default may be
overridden via the PASSWD and NOPASSWD tags. This flag is on by default.

To negate it, place a '!' in front of it as the value to a sudo options
attribute in ldap.

On Mon, Nov 2, 2015 at 7:02 AM, Todor Petkov <zakk at online.bg> wrote:

> On 02/11/2015 10:20 AM, Todor Petkov wrote:
>
>
>> Hello,
>>
>> my bad, I meant that I have added the line in sudoers, but it was not
>> working.
>>
>> However, I have added the user as "uniquemember" of the group, not
>> just "gidNumber" and it's OK now.
>>
>> Thanks.
>>
>
>
> Hi,
>
> small update:
>
> when the group is with NOPASSWD:ALL, it's not working.
> If the user has specific record, it's OK.
>
> I can change the sudoers record with pssh, but if someone can give a hint
> how to make the group record working, I will appreciate it.
>
> Regards,
>
>



-- 

Alan Willis
Core Infrastructure | Riot Games

For, to speak out once for all, man only plays when in the full meaning of
the word he is a man, and *he is only completely a man when he plays*. -
J.C. Friedrich von Schiller - Letters upon the Æsthetic Education of Man
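
An added example, not part of the original message and not code from sudo or 389 Directory Server: a small audit over an LDIF export of the sudoers container that lists every `sudoRole` carrying `sudoOption: !authenticate`, the setting described above. The DNs, group names and sample entries are constructed for illustration.

```python
import base64

# Constructed sample (hypothetical DNs and group names) using the sudoRole
# schema read by sudo's LDAP backend.
SAMPLE_LDIF = """\
dn: cn=%admins,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: %admins
sudoUser: %admins
sudoHost: ALL
sudoCommand: ALL
sudoOption: !authenticate

dn: cn=%operators,ou=SUDOers,dc=example,dc=com
objectClass: sudoRole
cn: %operators
sudoUser: %operators
sudoHost: ALL
sudoCommand: /usr/bin/systemctl restart httpd
"""


def parse_ldif(text):
    """Return entries as dicts mapping lowercase attribute name -> list of values."""
    entries, current = [], {}
    # Unfold continuation lines (newline followed by one space) before parsing.
    for line in text.replace("\n ", "").splitlines() + [""]:
        if line.startswith("#"):
            continue
        if not line.strip():                  # a blank line ends the entry
            if current:
                entries.append(current)
            current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries


def passwordless_roles(entries):
    """Map cn -> sudoCommand values for each sudoRole with sudoOption !authenticate."""
    return {
        e["cn"][0]: e.get("sudocommand", [])
        for e in entries
        if "sudorole" in [v.lower() for v in e.get("objectclass", [])]
        and "!authenticate" in e.get("sudooption", [])
    }
```

Calling `passwordless_roles(parse_ldif(SAMPLE_LDIF))` reports only the `%admins` role, together with the commands it may run without authenticating.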