[sudo-users] sudo SSL Solaris
paul.macleod at eds.com
Wed Jun 14 09:35:07 EDT 2006
Short answer as I worked on this exact problem circa this time last year
in a proof of concept I was engaged in.
It's not possible.
The API's within sudo to request an SSL connection are not available to
native solaris. I got around this by using the mozilla sdk and some
code amendments to the ldap.c module.
These I submitted last year, but believe nothing was followed through
From: sudo-users-bounces at courtesan.com
[mailto:sudo-users-bounces at courtesan.com] On Behalf Of
Beate.Kleymann at HVBIS.com
Sent: 14 June 2006 13:31
To: sudo-users at sudo.ws
Subject: [sudo-users] sudo SSL Solaris
I try to get sudo with pam and ldap support plus ssl working.
We have Solaris 8 and 9 native clients.
Users authenticate using Sun One Directory Server 5.2
Next we would like to migrate our sudoers information into the Directory
I was able to compile sudo-1.6.8p8 with ldap and pam support:
# ./configure --with-ldap=/usr --with-pam
Everything works fine as long as I don't use SSL.
If I turn on SSL in the /etc/ldap.conf sudo will not work any more.
I tried different Entries in the ldap.conf
bash-2.05$ more /etc/ldap.conf
Using SSL the sudo will hang. It is not reading out the SSL Parameters
from the ldap.conf file.
bash-2.05$ ./sudo /usr/sbin/ifconfig -a
LDAP Config Summary
bash-2.05$ ldd ./sudo
libpam.so.1 => /usr/lib/libpam.so.1
libdl.so.1 => /usr/lib/libdl.so.1
libldap.so.5 => /usr/lib/libldap.so.5
libsocket.so.1 => /usr/lib/libsocket.so.1
libnsl.so.1 => /usr/lib/libnsl.so.1
libc.so.1 => /usr/lib/libc.so.1
libcmd.so.1 => /usr/lib/libcmd.so.1
librt.so.1 => /usr/lib/librt.so.1
libmd5.so.1 => /usr/lib/libmd5.so.1
libmp.so.2 => /usr/lib/libmp.so.2
libaio.so.1 => /usr/lib/libaio.so.1
I tried to find a solution in the mailing list archive, but I'm still
not sure if it is possible to use SSL with native solaris ldap clients
Security is very strikt and I'm afraid we are not allowed to transfer
sudo entries over the network without using SSL.
I'm quite familiar with the Directory Server but I don't have enough
knowledge how sudo works.
Your help would be much appreciated.
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
More information about the sudo-users