[sudo-users] Re: Sudo 1.6.8p8 - on solaris 9 - with ldap

Aaron Spangler aaron777 at gmail.com
Sun Jul 10 15:53:52 EDT 2005


I suspect the problem you are running into is that the Sun One
Libraries (assuming you compiled sudo against the Sun One Libraries
rather than the built in Solaris libraries) require that the
certificate and keyfile databases be specified.  I do not believe at
this time these features have been implemented into Sudo.

I recommend you build sudo against OpenLDAP's SDK when compiling sudo
and it will give you full start_tls and SSL capabilities.  You can use
OpenLDAP's SDK to talk with any LDAP server.

- Aaron

On 5/20/05, Macleod, Paul <paul.macleod at eds.com> wrote:
> Good Afternoon Aaron,
> I've been able to build Sudo with gcc and get it to work a treat, with Sun
> One Directory Server 5.2.
> However, that is over clear sockets on port 389.
> I'm struggling to get pick up TLS features, and wonder if there are any
> pointers you may have to confirm that things are right.
> Pam authentications to the directory do work with TLS, have appropriate
> certificates in place and such.  ( e.g. /var/ldap/cert7.db and
> /var/ldap/key3.db ).  i.e. user authentication, hostname resolution etc.
> Is there any way to confirm that Sudo is actually trying to use
> certificates? and that the build has picked up the appropriate configuration
> options, and trying to use values defined in the ldap.conf file?
> Other than Sudo, there is no open source components installed.
> Thanks in advance for any help you can offer in resolving this.
> -Paul.

More information about the sudo-users mailing list