[sudo-users] LDAP Password Security

Michael Ströder michael at stroeder.com
Tue Apr 7 12:56:39 MDT 2020


On 4/7/20 4:25 PM, LE BOUTER Leo wrote:
> Seeing your other message, I'll consider password-less sudo, though I
> don't think that's too good, because it means a program running under
> any logged in user can also execute sudo with their permissions.

Not any logged in user. Only users authorized to make use of specific
sudo rules.

> Only imperfect solutions here, it seems.

Yes.

For completeness:
Vendors selling PAM solutions will argue that they only set temporary
passwords. But such a PAM solution also needs a super-mighty account to
set the temporary passwords, most times directly on the target system.
IMHO also not so great.

Ciao, Michael.

