Jan-Frode Myklebust wrote:
On 2008-09-25, John Summerfield <[EMAIL PROTECTED]> wrote:
Almost certainly I've missed something, but isn't PAM supposed to be the
glue that ties applications such as sudo to authentication facilities
such as LDAP?
You're missing that the point is to have sudo-configuration in LDAP, not
just authentication. So one central place to manage the "sudoers" for all
your hosts.
Point D requires a local configuration.
Point C can be addressed with a local group specification, with the
group's membership defined group wide in LDAP.
A golden local configuration that's deployed on the box, and then
customised to cover point D seems close to what's wanted.
This doesn't address deploying changed rules for groups, and in
particular a new group with new rules, but that's not necessarily a
problem for everyone.
--
Cheers
John
-- spambait
[EMAIL PROTECTED] [EMAIL PROTECTED]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list