From Secure Computing Wiki
Revision as of 12:15, 29 July 2008 (port install and config)

This page describes how to set up sudo on FreeBSD, using OpenLDAP for configuration storage and authentication.

This is a work in progress. DO NOT FOLLOW THIS UNTIL IT'S FINISHED!!!!!!!!!


For this setup, I've got sudo built with LDAP and INSULTS enabled. You can install it with the following:

# cd /usr/ports/security/sudo && make clean deinstall && make -DWITH_INSULTS -DWITH_LDAP reinstall

PAM Config

Edit the /etc/pam.d/system file to read as follows:

# auth
auth            sufficient             no_warn no_fake_prompts
auth            requisite       no_warn allow_local
#auth           sufficient             no_warn try_first_pass
#auth           sufficient              no_warn try_first_pass
auth            sufficient      /usr/local/lib/      no_warn try_first_pass
auth            required             no_warn try_first_pass nullok

# account
#account        required
account         required        /usr/local/lib/      ignore_unknown_user ignore_authinfo_unavail
account         required
account         required

# session
#session        optional
session         required        /usr/local/lib/
session         required          no_fail

# password
#password       sufficient             no_warn try_first_pass
password        required             no_warn try_first_pass


Add the following lines to your /usr/local/etc/ldap.conf file:

# SUDO Configuration
sudoers_base ou=SUDOers,dc=claimlynx,dc=com
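
The directory entries that sudo looks for under that sudoers_base could look like the following. This is an added example, not part of the original page; it assumes the sudo schema (shipped with sudo as schema.OpenLDAP) is already loaded into slapd, and the ldapadmins group and its rule are constructed for illustration.

```ldif
# Added example, not from the original page.
# Assumes the sudoRole schema is already loaded into slapd.

# Container that sudoers_base points at
dn: ou=SUDOers,dc=claimlynx,dc=com
objectClass: top
objectClass: organizationalUnit
ou: SUDOers

# Global options, the LDAP equivalent of "Defaults" lines in a sudoers file
dn: cn=defaults,ou=SUDOers,dc=claimlynx,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
description: Default sudoOption values
sudoOption: insults

# Constructed role: members of the hypothetical ldapadmins group may run
# only the slapd rc script, on any host, instead of being granted ALL
dn: cn=ldapadmins,ou=SUDOers,dc=claimlynx,dc=com
objectClass: top
objectClass: sudoRole
cn: ldapadmins
sudoUser: %ldapadmins
sudoHost: ALL
sudoCommand: /usr/local/etc/rc.d/slapd
```

Anyone who can write under ou=SUDOers can grant themselves root on every host that reads it, so restrict write access to that subtree in the slapd ACLs.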