[olug] Using RADIUS roles for sudoers

Kevin sharpestmarble at gmail.com
Wed Feb 4 12:52:23 CST 2015


How about this then? Using sudo, everyone is allowed to do everything. But
with RADIUS, users are restricted.

On Feb 4, 2015 12:48 PM, "Damian Harouff" <cekkent at gmail.com> wrote:

> That's what I've got in place at the moment, but that only seems to cover
> the password authentication; after authentication via the PAM module for
> RADIUS, sudo still attempts to read from /etc/sudoers to see if the user is
> indeed allowed to do anything. Unless I has the dumb and there's something
> I'm missing.
>
> On Wed, Feb 4, 2015 at 12:42 PM, Kevin <sharpestmarble at gmail.com> wrote:
>
> > Have you looked at PAM? There's a RADIUS PAM connector that looks like it
> > might do what you want if you put it into /etc/pam.d/sudo
> >
> > On Feb 4, 2015 10:21 AM, "Damian Harouff" <cekkent at gmail.com> wrote:
> >
> > > I've recently encountered an existing system where the company already has
> > > a RADIUS server set up for authentication, including SSH and sudo, but they
> > > would like to also use the RADIUS roles to determine what commands can be
> > > executed via sudo.
> > >
> > > I know that sudo has the ability to use LDAP for this, but LDAP isn't
> > > available, and the company is not interested in an LDAP server.
> > >
> > > The Google did not turn up much. Anyone ever done this before?
> > > _______________________________________________
> > > OLUG mailing list
> > > OLUG at olug.org
> > > https://lists.olug.org/mailman/listinfo/olug
> > >

