[sudo-workers] LDAP secret issue

Barron, Danny danny.barron at eds.com
Tue Apr 22 16:03:28 EDT 2008

In order to keep sudoer information private, I've given users no read
ability, but rather attempted to use rootbinddn and /etc/ldap.secret to
enable sudo to use a priviledged account that can read ldap sudo
entries.  From my testing, the sudo_ldap_read_secret function doesn't
work as it should.  The line that reads:
 if ((cp = strchr(buf, '\n')) != NULL)
Actually doesn't end up copying the first carriage return delimited
string from /etc/ldap.secret, it ends up pointed to the carriage return,
I believe.  Perhaps a call to strtok might be more appropriate ?  Ideas

More information about the sudo-workers mailing list