[sudo-users] sudo and Active Directory

Rowland penny rpenny at samba.org
Sat Jun 27 06:01:33 MDT 2020

Hello, I am trying to get sudo working with the rules stored in a Samba 
AD domain; perhaps 'trying' is the wrong word. I do have it working, but 
only if 'root' runs 'kinit Administrator' to create the 'krb5cc_0' 
ticket in /tmp. At this point, running sudo as a domain user with a sudo 
rule in AD works.

I know I could run something like kstart to ensure that the 
Administrator's ticket is renewed, but this isn't really a good idea. Is 
there any way the user's Kerberos ticket could be used instead?

Before anyone suggests using sssd, I cannot. I am using a Samba
version > 4.8.0 with shares and you cannot use sssd with that
combination. I am aware of the krb5_ccname parameter, but does this use
wildcards?

Thanks for any help ;-)


