OpenLDAP/sudo

From Secure Computing Wiki
Revision as of 12:48, 29 July 2008 by 74.95.66.25 (Talk) (initial sudo commit)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This page will help you get sudo on FreeBSD using OpenLDAP for config storage and authentication.

This is a work in progress. DO NOT FOLLOW THIS UNTIL IT'S FINISHED!!!!!!!!!

PAM Config

Edit the /etc/pam.d/system file to read as follows:

# auth
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
#auth           sufficient      pam_krb5.so             no_warn try_first_pass
#auth           sufficient      pam_ssh.so              no_warn try_first_pass
auth            sufficient      /usr/local/lib/pam_ldap.so      no_warn try_first_pass
auth            required        pam_unix.so             no_warn try_first_pass nullok

# account
#account        required        pam_krb5.so
account         required        /usr/local/lib/pam_ldap.so      ignore_unknown_user ignore_authinfo_unavail
account         required        pam_login_access.so
account         required        pam_unix.so

# session
#session        optional        pam_ssh.so
session         required        /usr/local/lib/pam_mkhomedir.so
session         required        pam_lastlog.so          no_fail

# password
#password       sufficient      pam_krb5.so             no_warn try_first_pass
password        required        pam_unix.so             no_warn try_first_pass