[sudo-users] can I prevent sudo on Solaris from performing ldap searches for local users?
Todd C. Miller
Todd.Miller at courtesan.com
Sun Feb 7 09:09:25 MST 2016
Wow, that is an old version of sudo. That version of sudo will
lookup every group listed in the sudoers file and match by group
ID. Newer versions of sudo will look up the names of all a user's
groups and then do string matches on the group name only. This
might improve things in your environment. You can find Solaris
.pkg files at https://www.sudo.ws/download.html#binary
I'm puzzled as to why the user_attr lookups are going via LDAP if
you have local entries but I'm not a Solaris expert.
- todd
More information about the sudo-users
mailing list