[sudo-users] sudo and Active Directory
rpenny at samba.org
Sat Jun 27 06:01:33 MDT 2020
Hello, I am trying to get sudo working with the rules stored in a Samba
AD domain, perhaps 'trying' is the wrong word. I do have it working, but
only if 'root' runs 'kinit Administrator' to create the 'krb5cc_0'
ticket in /tmp, at this point running sudo as a domain user with a sudo
rule in AD works.
I know I could run something like kstart to ensure that the
Administrators ticket is renewed, but this isn't really a good idea. Is
there any way the users kerberos ticket could be used instead ?
Before anyone suggests using sssd, I cannot. I am using a Samba version
> 4.8.0 with shares and you cannot use sssd with that combination. I am
aware of the krb5_ccname parameter, but does this use wildcards ?
Thanks for any help ;-)
More information about the sudo-users