[sudo-users] Looking for help
Dmitri Pal
dpal at redhat.com
Fri Sep 17 16:32:31 EDT 2010
Hello,
I am working on a open friendly open source projects IPA
(www.freeipa.org) and SSSD (https://fedorahosted.org/sssd/)
IPA is a central server for identity and authentication, SSSD is the
client replacing nss_ldap, pam_krb5. SSSD supports offline caching of
identities and multi-domain support. More details here:
https://fedorahosted.org/sssd/attachment/wiki/Contribute/sssd%20overview%20slides.2.pdf
We plan to integrate SSSD with SUDO and provide centrally saved SUDOERS
information as soon as SUDO pluggable policy checking interface would
become available.
But for now we are focusing on the server side aspects and want to be
able to serve SUDO information from IPA directly. However we decided to
not only integrate SUDOERS LDAP schema but take a step further and
integrate it with the identity objects IPA manages. The detailed design
of this effort can be found here.
http://www.freeipa.org/page/SUDO_Schema_Design
So there are couple things we looking for help with:
1) A review of the design. Please reply directly to me or send mails to
freeipa-devel at redhat.com. This will be much, much appreciated!!!
2) Does anyone have a sample LDIF file of the sudo rules we can use for
testing? It does not matter for which LDAP server it is.
Thank you very much for your help.
Looking forward to working with you.
Thank you,
Dmitri Pal
More information about the sudo-users
mailing list