Hello everybody,

my company wants to integrate all Unix servers into Active Directory. For "normal" account management I decided more or less to go down the winbind route. To have all information in one place, we also want to put sudoers in the AD.

Now the question is, how can I access the information? I don't think winbind can provide sudoers information. So, I guess I have to maintain a separate ldap.conf for sudo. But how does sudo authenticate to the LDAP server (the user is authenticated using PAM and thus through winbind (unless NOPASSWD is defined))?

- The standard answer is: use a proxy user. But I don't like it.
- How does winbind authenticate to the LDAP server? Would it be possible to do the same with nss_ldap?
- Somebody suggested to use SASL -> GSS_API -> Kerberos. But how do I handle non-AD users, or the NOPASSWD case?

Sincerely
Bernhard

--
Minds are like parachutes
They only function when open