[sudo-users] sudo + ldap - nisNetgroupTriple

Jr Aquino jr.aquino at citrixonline.com
Tue May 25 17:07:12 EDT 2010


I am writing to the mailing list in hopes that someone has information
regarding the use of sudo for 'hostgroups' without having to use the
nisNetgroupTriple attributes.

I would like to be able to utilize sudo with ldap entries that sanely  
list the hostnames under a 'host:' attribute ideally.

I've spoken to several of the nss_ldap developers and they have
strongly cautioned me against leveraging nisNetgroups for storing my
hosts because of various RFC schema enforcements present in various
LDAP server implementations. (Not being able to modify/add/remove a
nisNetgroupTriple without fully removing and re-adding all
nisNetgroupTriples from an object being one of the major
disadvantages...)

Can anyone on the sudo list answer this question?

I'd like to know if I would have to go down the path of modifying the
sudo source in order for sudo to support a more general sense of
hostgroup similar to its support of 'usergroups' not requiring the NIS
components.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jr Aquino | Information Security Specialist
Citrix Online Division

Citrix Systems, Inc.
7408 Hollister Avenue
Goleta, CA  93117 USA
www.citrixonline.com

Desk: 805-690-3478
Email: jr.aquino at citrixonline.com

www.gotomypc.com | Access Your PC from Anywhere
www.gotomeeting.com | Online Meetings Made Easy
www.gotoassist.com | Remote Support Made Easy