Re: [Freeipa-users] Configure IPA 3.1.5 client for sudo?
On Jun 25, 2013, at 2:52 AM, Martin Kosek mko...@redhat.com wrote: On 06/24/2013 03:36 PM, Rob Crittenden wrote: Dean Hunter wrote: On Mon, 2013-06-24 at 09:07 +0300, Alexander Bokovoy wrote: On Sun, 23 Jun 2013, Dean Hunter wrote: Section 14.4. Applying the Configured sudo Policies to Hosts of the FreeIPA Guide, Edition 3.1.5 in the Fedora 18 documentation contains only an example of configuring sudo for use with FreeIPA 2.2. It differs in many regards from QA:Testcase freeipav3 sudo sssd in the Wiki at fedoraproject.org. What instructions should I use to configure an IPA 3.1.5-1 client with sudo? This thread should clear it up: https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html This presentation covers current state: http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf Thank you for the prompt response! I really appreciate how helpful y'all are on this list. The slide presentation is especially useful because of all the explanation. Have you identified a target release for: 1) SSSD doesn't support FreeIPA as SUDO provider yet To clarify, this is just to make SSSD use the native IPA schema instead of ou=sudoers. https://fedorahosted.org/sssd/ticket/1108 Right. When talking about SUDO being able to select SSSD as a source database (instead of the native LDAP connection), this works already - SSSD reads ou=sudoers. There is an RFE ticket targeted to 3.4 already (it also contains steps how to configure it manually): Is there a specific version of Sudo that supports nsswitch.conf having: sudo sss? Is that version of Sudo available on RHEL? https://fedorahosted.org/freeipa/ticket/3358 2) A command line tool to preform the client configuration https://fedorahosted.org/freeipa/ticket/3358 rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Configure IPA 3.1.5 client for sudo?
On Tue, Jun 25, 2013 at 08:19:11PM +, JR Aquino wrote: On Jun 25, 2013, at 2:52 AM, Martin Kosek mko...@redhat.com wrote: On 06/24/2013 03:36 PM, Rob Crittenden wrote: Dean Hunter wrote: On Mon, 2013-06-24 at 09:07 +0300, Alexander Bokovoy wrote: On Sun, 23 Jun 2013, Dean Hunter wrote: Section 14.4. Applying the Configured sudo Policies to Hosts of the FreeIPA Guide, Edition 3.1.5 in the Fedora 18 documentation contains only an example of configuring sudo for use with FreeIPA 2.2. It differs in many regards from QA:Testcase freeipav3 sudo sssd in the Wiki at fedoraproject.org. What instructions should I use to configure an IPA 3.1.5-1 client with sudo? This thread should clear it up: https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html This presentation covers current state: http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf Thank you for the prompt response! I really appreciate how helpful y'all are on this list. The slide presentation is especially useful because of all the explanation. Have you identified a target release for: 1) SSSD doesn't support FreeIPA as SUDO provider yet To clarify, this is just to make SSSD use the native IPA schema instead of ou=sudoers. https://fedorahosted.org/sssd/ticket/1108 Right. When talking about SUDO being able to select SSSD as a source database (instead of the native LDAP connection), this works already - SSSD reads ou=sudoers. There is an RFE ticket targeted to 3.4 already (it also contains steps how to configure it manually): Is there a specific version of Sudo that supports nsswitch.conf having: sudo sss? When speaking of sudo upstream, the first version where the sudo support landed was 1.8.6b4 Is that version of Sudo available on RHEL? In 6.4 it is. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Configure IPA 3.1.5 client for sudo?
On Tue, Jun 25, 2013 at 10:34:36PM +0200, Jakub Hrozek wrote: On Tue, Jun 25, 2013 at 08:19:11PM +, JR Aquino wrote: On Jun 25, 2013, at 2:52 AM, Martin Kosek mko...@redhat.com wrote: On 06/24/2013 03:36 PM, Rob Crittenden wrote: Dean Hunter wrote: On Mon, 2013-06-24 at 09:07 +0300, Alexander Bokovoy wrote: On Sun, 23 Jun 2013, Dean Hunter wrote: Section 14.4. Applying the Configured sudo Policies to Hosts of the FreeIPA Guide, Edition 3.1.5 in the Fedora 18 documentation contains only an example of configuring sudo for use with FreeIPA 2.2. It differs in many regards from QA:Testcase freeipav3 sudo sssd in the Wiki at fedoraproject.org. What instructions should I use to configure an IPA 3.1.5-1 client with sudo? This thread should clear it up: https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html This presentation covers current state: http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf Thank you for the prompt response! I really appreciate how helpful y'all are on this list. The slide presentation is especially useful because of all the explanation. Have you identified a target release for: 1) SSSD doesn't support FreeIPA as SUDO provider yet To clarify, this is just to make SSSD use the native IPA schema instead of ou=sudoers. https://fedorahosted.org/sssd/ticket/1108 Right. When talking about SUDO being able to select SSSD as a source database (instead of the native LDAP connection), this works already - SSSD reads ou=sudoers. There is an RFE ticket targeted to 3.4 already (it also contains steps how to configure it manually): Is there a specific version of Sudo that supports nsswitch.conf having: sudo sss? When speaking of sudo upstream, the first version where the sudo support the sss support sorry for typo landed was 1.8.6b4 Is that version of Sudo available on RHEL? In 6.4 it is. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Configure IPA 3.1.5 client for sudo?
On Sun, 23 Jun 2013, Dean Hunter wrote: Section 14.4. Applying the Configured sudo Policies to Hosts of the FreeIPA Guide, Edition 3.1.5 in the Fedora 18 documentation contains only an example of configuring sudo for use with FreeIPA 2.2. It differs in many regards from QA:Testcase freeipav3 sudo sssd in the Wiki at fedoraproject.org. What instructions should I use to configure an IPA 3.1.5-1 client with sudo? This thread should clear it up: https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html This presentation covers current state: http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf -- / Alexander Bokovoy ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Configure IPA 3.1.5 client for sudo?
On Mon, 2013-06-24 at 09:07 +0300, Alexander Bokovoy wrote: On Sun, 23 Jun 2013, Dean Hunter wrote: Section 14.4. Applying the Configured sudo Policies to Hosts of the FreeIPA Guide, Edition 3.1.5 in the Fedora 18 documentation contains only an example of configuring sudo for use with FreeIPA 2.2. It differs in many regards from QA:Testcase freeipav3 sudo sssd in the Wiki at fedoraproject.org. What instructions should I use to configure an IPA 3.1.5-1 client with sudo? This thread should clear it up: https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html This presentation covers current state: http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf Thank you for the prompt response! I really appreciate how helpful y'all are on this list. The slide presentation is especially useful because of all the explanation. Have you identified a target release for: 1) SSSD doesn't support FreeIPA as SUDO provider yet 2) A command line tool to preform the client configuration Thank you again for your help. ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Configure IPA 3.1.5 client for sudo?
Dean Hunter wrote: On Mon, 2013-06-24 at 09:07 +0300, Alexander Bokovoy wrote: On Sun, 23 Jun 2013, Dean Hunter wrote: Section 14.4. Applying the Configured sudo Policies to Hosts of the FreeIPA Guide, Edition 3.1.5 in the Fedora 18 documentation contains only an example of configuring sudo for use with FreeIPA 2.2. It differs in many regards from QA:Testcase freeipav3 sudo sssd in the Wiki at fedoraproject.org. What instructions should I use to configure an IPA 3.1.5-1 client with sudo? This thread should clear it up: https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html This presentation covers current state: http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf Thank you for the prompt response! I really appreciate how helpful y'all are on this list. The slide presentation is especially useful because of all the explanation. Have you identified a target release for: 1) SSSD doesn't support FreeIPA as SUDO provider yet To clarify, this is just to make SSSD use the native IPA schema instead of ou=sudoers. https://fedorahosted.org/sssd/ticket/1108 2) A command line tool to preform the client configuration https://fedorahosted.org/freeipa/ticket/3358 rob ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Configure IPA 3.1.5 client for sudo?
On Mon, 24 Jun 2013, Dean Hunter wrote: On Mon, 2013-06-24 at 09:07 +0300, Alexander Bokovoy wrote: On Sun, 23 Jun 2013, Dean Hunter wrote: Section 14.4. Applying the Configured sudo Policies to Hosts of the FreeIPA Guide, Edition 3.1.5 in the Fedora 18 documentation contains only an example of configuring sudo for use with FreeIPA 2.2. It differs in many regards from QA:Testcase freeipav3 sudo sssd in the Wiki at fedoraproject.org. What instructions should I use to configure an IPA 3.1.5-1 client with sudo? This thread should clear it up: https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html This presentation covers current state: http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf Thank you for the prompt response! I really appreciate how helpful y'all are on this list. The slide presentation is especially useful because of all the explanation. Have you identified a target release for: 1) SSSD doesn't support FreeIPA as SUDO provider yet 2) A command line tool to preform the client configuration Thank you again for your help. We are working on (2) for FreeIPA 3.3 for producing client configuration advisories out of existing server configuration in the case of suggesting configurations of older clients. Look at freeipa-devel@ where we are discussing ipa-advise tool if you are interested. As for (1), it is part of SSSD work so I'd defer that answer to SSSD experts ;) -- / Alexander Bokovoy ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users