Jan-Frode Myklebust wrote:
> On 2008-09-25, John Summerfield <[EMAIL PROTECTED]> wrote:
>> Almost certainly I've missed something, but isn't PAM supposed to be the glue that ties applications such as sudo to authentication facilities such as LDAP?
>
> You're missing that the point is to have sudo-configuration in LDAP, not
> just authentication. So one central place to manage the "sudoers" for all
> your hosts.

Point D requires a local configuration.

Point C can be addressed with a local group specification, with the group's membership defined group wide in LDAP.

A golden local configuration that's deployed on the box, and then customised to cover point D seems close to what's wanted.

This doesn't address deploying changed rules for groups, and in particular a new group with new rules, but that's not necessarily a problem for everyone.



--

Cheers
John

-- spambait
[EMAIL PROTECTED]  [EMAIL PROTECTED]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list