[sudo-users] LDAP Password Security

Michael Ströder michael at stroeder.com
Tue Apr 7 04:38:43 MDT 2020


On 4/7/20 4:27 AM, Grant Taylor via sudo-users wrote:
> On 4/6/20 5:10 PM, LE BOUTER Leo wrote:
>> I am looking to use LDAP with sudo but I am concerned about the idea
>> of every server having access to the user's LDAP password at
>> authentication time.
> 
> I am having trouble unpacking what your concern is.

The valid concern is that if one of your servers got rooted without you
detecting this, the next user password input triggered by sudo could be
intercepted. And then the long-term password could be abused somewhere
else on another system not yet rooted by the attacker.

Ciao, Michael.

