[sudo-users] sudo 1.7.1 with pam, ldap and SSL on solaris 10: need help
paul.macleod at eds.com
Fri May 29 04:21:31 EDT 2009
I would just like to add that I have a similar, if not the same, issue.
To add information to the mix, I've had a build of Sudo (sudo-1.6.9p10)
that had some LDAP support iterated through on 19th Dec '07, which was
built and worked perfectly in a Solaris 9 environment.
That environment was later upgraded to Solaris 10u4, and LDAP SSL fails
to work now, with the newer Sudo 1.7 but also when re-tested with the same
1.6.9p10 source, rebuilt etc. So I could confirm it wasn't a 1.7 thing,
as 1.6.9p10 worked on Solaris 9.
I've also tried making cert7.db and cert8.db, with utter futility:
always the same errors.
From: sudo-users-bounces at courtesan.com
[mailto:sudo-users-bounces at courtesan.com] On Behalf Of M. Fija
Sent: 27 May 2009 18:15
To: sudo-users at sudo.ws
Subject: [sudo-users] sudo 1.7.1 with pam,ldap and SSL on solaris 10:
I've compiled sudo-1.7.1 on Solaris 10 with PAM and (solaris native)
And sudo was built without errors and works as expected when using ldap
fails with ldaps:
> sudo -l
LDAP Config Summary
sudo: ldapssl_clientauth_init(/var/ldap/cert8.db, NULL)
sudo: unable to initialize SSL cert and key db: security library: bad
sudo: unable to initialize LDAP: Unknown error
Sudo was built with the following command:
CC="gcc -static-libgcc" ./configure \
--with-logging=syslog --with-logfac=authpriv \
--with-editor=/usr/bin/vi --with-env-editor \
--with-ignore-dot --with-tty-tickets \
--with-pam --with-nsswitch \
Here is my /etc/ldap.conf:
The file /var/ldap/cert8.db was created for the solaris ldap client with
On the LDAP server side (openldap 2.3/Redhat ES3), TLS parameters are:
It seems there is no problem with PAM, as I can see connection and search
operations honored successfully by the ldap server.
Thanks for any help.