From Secure Computing Wiki
Revision as of 13:12, 29 July 2008 by (talk) (ldap.conf config parameter)

This page describes how to set up sudo on FreeBSD, using OpenLDAP both to store the sudo configuration and to authenticate users.

This is a work in progress. DO NOT FOLLOW THIS UNTIL IT'S FINISHED!!!!!!!!!

PAM Config

Edit the /etc/pam.d/system file to read as follows:

# auth
auth            sufficient             no_warn no_fake_prompts
auth            requisite       no_warn allow_local
#auth           sufficient             no_warn try_first_pass
#auth           sufficient              no_warn try_first_pass
auth            sufficient      /usr/local/lib/      no_warn try_first_pass
auth            required             no_warn try_first_pass nullok

# account
#account        required
account         required        /usr/local/lib/      ignore_unknown_user ignore_authinfo_unavail
account         required
account         required

# session
#session        optional
session         required        /usr/local/lib/
session         required          no_fail

# password
#password       sufficient             no_warn try_first_pass
password        required             no_warn try_first_pass


Add the following lines to your /usr/local/etc/ldap.conf file:

# SUDO Configuration
sudoers_base ou=SUDOers,dc=claimlynx,dc=com
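
For reference, the kind of entries sudo looks up under that sudoers_base, shown as an added example that is not part of the original wiki page. It assumes the sudo LDAP schema (which defines the sudoRole object class) is already loaded into OpenLDAP; only the base DN comes from this page, and the role name, group and host are hypothetical.

```ldif
# Constructed sample data; only the base DN is taken from the page.

# Container that sudoers_base points at.
dn: ou=SUDOers,dc=claimlynx,dc=com
objectClass: top
objectClass: organizationalUnit
ou: SUDOers

# Global defaults, read by sudo before any role is evaluated.
# env_reset makes sudo run commands with a minimal environment.
dn: cn=defaults,ou=SUDOers,dc=claimlynx,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption values
sudoOption: env_reset

# Hypothetical least-privilege role: members of the Unix group
# "webadmins" may run one command on one host. Listing the exact
# command and host avoids the blanket "ALL" values.
dn: cn=webadmins-apache,ou=SUDOers,dc=claimlynx,dc=com
objectClass: top
objectClass: sudoRole
cn: webadmins-apache
description: Restart Apache on www1 only
sudoUser: %webadmins
sudoHost: www1
sudoCommand: /usr/local/sbin/apachectl restart
```

Anyone who can write to this subtree can grant themselves root on every host that reads it, so limit write access to ou=SUDOers in the slapd ACLs to the directory administrators.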