[sudo-users] LDAP Password Security
LE BOUTER Leo
leo.lebouter-ext at aphp.fr
Mon Apr 6 17:10:31 MDT 2020
Hello,
I am looking to use LDAP with sudo but I am concerned about the idea of every server having access to the user's LDAP password at authentication time.
Is there any alternative ways of authenticating? Considering most if not all my users will reach the server though SSH, is there a way to re-use the GSSAPI/Kerberos facility here?
It would give me greater peace of mind if instead of their password a temporary "kerberos token" specific to their current SSH session was used.
Thanks
Leo Le Bouter
Ingenieur Securite Infrastructure
Entrepot de Donnees de Sante (WIND)
More information about the sudo-users
mailing list