[sudo-workers] sudo+ldap and ldap.conf
Todd C. Miller
Todd.Miller at courtesan.com
Tue Jun 14 14:39:06 EDT 2005
In message <20050614181346.GT3960 at sole.infis.univ.trieste.it>
so spake Andrea Barisani (lcars):
> Yes that was my workaround and indeed it is documented in README.LDAP but I
> think you should stress more about this problem security_wise, simply showing
> that you can redefine the conf doesn't show the security aspect of this issue
> .
>
> Also don't you think that making sudo+ldap rootdn aware could be a good
> option? (/etc/ldap.secret mode 600)
It doesn't look like adding rootbinddn should be hard. Am I correct
in believing sudo just needs to look for rootbinddn in ldap.conf
and if found use the password stored in /etc/ldap.secret?
- todd
More information about the sudo-workers
mailing list