[sudo-users] LDAP Password Security

LE BOUTER Leo leo.lebouter-ext at aphp.fr
Mon Apr 6 17:10:31 MDT 2020


Hello,

I am looking to use LDAP with sudo but I am concerned about the idea of every server having access to the user's LDAP password at authentication time.
Are there any alternative ways of authenticating? Considering most if not all my users will reach the server through SSH, is there a way to re-use the GSSAPI/Kerberos facility here?
It would give me greater peace of mind if, instead of their password, a temporary "Kerberos token" specific to their current SSH session was used.

Thanks

Leo Le Bouter
Infrastructure Security Engineer
Entrepot de Donnees de Sante (WIND)

