Sudo (+ldap+kerberos) Not Accepting Password
So I have this CentOS 5.10 box which authenticates network users against ldap (authorizing) + kerberos (authentication). And I now would like to have sudo be able to allow admins (netgroup chinbeards) to sudo about. I am not using sssd though (yet).
Here is the output of me trying sudo (debug on):
[raub@CentOS5-x64 ~]$ sudo pwd
LDAP Config Summary
==================
uri ldap://idir1.internal.domain.com/ ldap://idir2.internal.domain.com/
ldap_version 3
sudoers_base ou=SUDOers,dc=domain,dc=com
binddn (anonymous)
bindpw (anonymous)
bind_timelimit 120000
timelimit 120
ssl start_tls
tls_cacertdir /etc/openLDAP/cacerts
==================
sudo: ldap_initialize(ld, ldap://idir1.internal.domain.com/ ldap://idir2.internal.domain.com/)
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: tls_cacertdir -> /etc/openLDAP/cacerts
sudo: ldap_set_option: timelimit -> 120
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 120)
sudo: ldap_start_tls_s() ok
sudo: ldap_sasl_bind_s() ok
sudo: found:cn
One thought on - Sudo (+ldap+kerberos) Not Accepting Password
Ok, I am not saying what I wrote above is proper, but the auth entry is enough to satisfy sudo. But how do I now tell authconfig to edit the file properly? The way I did it was
authconfig --enableldap --enableldaptls \
--ldapserver=idir1.internal.domain.com,idir2.internal.domain.com \
--ldapbasedn