[sudo-workers] ldap and password

Aaron Spangler as at insight.rr.com
Wed Aug 25 22:34:44 EDT 2004

I propose we also consider options B and C.

Option B:

I suspect this always works on Linux.  Can anyone confirm otherwise?
# cp -p /etc/pam.d/ssh /etc/pam.d/sudo

Option C:

When /etc/pam.d/sudo does not exist, pam will default to 
/etc/pam.d/other.  On many distros, /etc/pam.d/other works fine, but on 
a few paranoid distros, /etc/pam.d/other is coded to disallow all.  What 
I am saying is that we might even be so bold to change the build message 
to be 'will' to 'might'.  On all our production (RedHat) Linux 7.2 - 
AS3.0, Solaris  2.6 - 8, HP-UX 11.X , and AIX 5.2 systems, we never 
create a special section for sudo and pam just falls back to 'other' and 
it has always just worked for us.

Thoughts?  Comments?


Todd C. Miller wrote:

>I was hoping to have a sample that would work with most Linux PAM
>installations but that doesn't appear to be possible.  Oh well.
> - todd
>sudo-workers mailing list <sudo-workers at sudo.ws>
>For list information, options, or to unsubscribe, visit:

More information about the sudo-workers mailing list