new user question

Arnold, Jason Jason.Arnold at agedwards.com
Wed Mar 7 10:39:21 EST 2001


Hi, I'm new to this list, but am curious to see if anyone is either working,
or interested in, or would at least have some tips on working on some
functionality that we need.

We're in the initial phases of trying to implement LDAP based centralized
administration of several hundred Solaris and HP-UX servers.  As such, we're
shooting for two goals:
1)  Role based account access.  I.e., configure all servers to allow access
to users that are in sysadmin and info security roles, some servers to
users in DBA roles, some servers to users in legal, or developers, or HR, or
whatnot.  We don't want to use groups as we don't do a good job of
maintaining group information (most of our users are just "staff" or
similar), but we can pull business level hierarchical data from HR type
groups.
2) Leverage the same directory service to grant elevated privileges via sudo
(i.e., SAs can do almost everything, DBAs can do stuff as oracle or sybase,
etc).  Basically, we need a sudo that is capable of looking up group
membership in an LDAP database instead of using system groups.

Is anyone working on this?  If not, is there any other interest in this?
What's the acceptable way to add new functionality?

Thanks,
--Jason Arnold, Systems Technical Specialist
Technical Services - Unix Arch.
314-955-8501





More information about the sudo-workers mailing list