From danny.barron at eds.com Tue Apr 22 16:03:28 2008
From: danny.barron at eds.com (Barron, Danny)
Date: Tue, 22 Apr 2008 15:03:28 -0500
Subject: [sudo-workers] LDAP secret issue
Message-ID:

In order to keep sudoer information private, I've given users no read
ability, but rather attempted to use rootbinddn and /etc/ldap.secret to
enable sudo to use a privileged account that can read ldap sudo entries.

From my testing, the sudo_ldap_read_secret function doesn't work as it
should. The line that reads:

    if ((cp = strchr(buf, '\n')) != NULL)

Actually doesn't end up copying the first carriage return delimited
string from /etc/ldap.secret, it ends up pointed to the carriage return,
I believe.

Perhaps a call to strtok might be more appropriate? Ideas?

From Todd.Miller at courtesan.com Wed Apr 23 08:31:22 2008
From: Todd.Miller at courtesan.com (Todd C. Miller)
Date: Wed, 23 Apr 2008 08:31:22 -0400
Subject: [sudo-workers] LDAP secret issue
In-Reply-To: Your message of "Tue, 22 Apr 2008 15:03:28 CDT."
References:
Message-ID: <200804231231.m3NCVMkA022935@tex.courtesan.com>

Whoops, there is a typo/thinko in sudo_ldap_read_secret(). The line:

    estrdup(cp);

Should be:

    estrdup(buf);

 - todd

From danny.barron at eds.com Wed Apr 30 14:45:56 2008
From: danny.barron at eds.com (Barron, Danny)
Date: Wed, 30 Apr 2008 13:45:56 -0500
Subject: [sudo-workers] sudo 1.7b4 usage
Message-ID:

I've been using it for a month or so now on my workstation to test the
ldap ssl usage (I need that feature!!!) and things seem good on Linux
(Solaris, well that's another issue...and a Sun Microsystems issue about
their lack of ssl bundling in the native LDAP client).

Besides SSL enablement, I applaud being able to sudo -U -l. I don't know
who else asked for that...but I appreciate it!

Danny
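
Added example (not part of any message above and not sudo's source): a C sketch of the sudo_ldap_read_secret() defect from the "LDAP secret issue" thread, showing the copy taken from cp next to the copy taken from buf. The function names, the dup_str() helper, the temp-file harness and the sample secret are assumptions made for illustration, as is terminating the buffer at the newline before copying.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SAMPLE "s3cret-constructed\n"   /* constructed stand-in for /etc/ldap.secret */

/* Hypothetical stand-in for estrdup(): duplicate a string on the heap. */
char *dup_str(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}

/* Before the fix: the copy starts at cp, which points at the line terminator. */
char *read_secret_before(FILE *fp)
{
    char buf[256], *cp;
    if (fgets(buf, sizeof(buf), fp) == NULL) return NULL;
    if ((cp = strchr(buf, '\n')) == NULL) return NULL;  /* no terminator found */
    *cp = '\0';
    return dup_str(cp);     /* yields "" so the bind password is empty */
}

/* After the fix: terminate at the newline, then copy from the start of buf. */
char *read_secret_after(FILE *fp)
{
    char buf[256], *cp;
    if (fgets(buf, sizeof(buf), fp) == NULL) return NULL;
    if ((cp = strchr(buf, '\n')) != NULL) *cp = '\0';
    return dup_str(buf);
}

/* Write constructed contents to a temp stream and run one reader over it. */
char *demo(const char *contents, char *(*reader)(FILE *))
{
    FILE *fp = tmpfile();
    char *secret;
    if (fp == NULL) return NULL;
    fputs(contents, fp);
    rewind(fp);
    secret = reader(fp);
    fclose(fp);
    return secret;
}

int main(void)
{
    char *a = demo(SAMPLE, read_secret_before), *b = demo(SAMPLE, read_secret_after);
    printf("before: \"%s\"\nafter:  \"%s\"\n", a ? a : "(null)", b ? b : "(null)");
    free(a); free(b);
    return 0;
}
```

An empty or wrong bind password here means the rootbinddn bind does not authenticate as the privileged account, so a deployment that denies ordinary users read access to the sudo entries sees lookups fail.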