[Freeipa-users] Configure IPA 3.1.5 client for sudo?

Jakub Hrozek jhrozek at redhat.com
Tue Jun 25 20:40:02 UTC 2013 

On Tue, Jun 25, 2013 at 10:34:36PM +0200, Jakub Hrozek wrote:
> On Tue, Jun 25, 2013 at 08:19:11PM +0000, JR Aquino wrote:
> > On Jun 25, 2013, at 2:52 AM, Martin Kosek <mkosek at redhat.com>
> >  wrote:
> > 
> > > On 06/24/2013 03:36 PM, Rob Crittenden wrote:
> > >> Dean Hunter wrote:
> > >>> On Mon, 2013-06-24 at 09:07 +0300, Alexander Bokovoy wrote:
> > >>>> On Sun, 23 Jun 2013, Dean Hunter wrote:
> > >>>>> Section 14.4. Applying the Configured sudo Policies to Hosts of the
> > >>>>> FreeIPA Guide, Edition 3.1.5 in the Fedora 18 documentation contains
> > >>>>> only an example of configuring sudo for use with FreeIPA 2.2. It differs
> > >>>>> in many regards from QA:Testcase freeipav3 sudo sssd in the Wiki at
> > >>>>> fedoraproject.org.
> > >>>>> 
> > >>>>> What instructions should I use to configure an IPA 3.1.5-1 client with
> > >>>>> sudo?
> > >>>> This thread should clear it up:
> > >>>> https://www.redhat.com/archives/freeipa-users/2013-June/msg00064.html
> > >>>> 
> > >>>> This presentation covers current state:
> > >>>> http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf
> > >>>> 
> > >>> Thank you for the prompt response!  I really appreciate how helpful
> > >>> y'all are on this list.  The slide presentation is especially useful
> > >>> because of all the explanation.  Have you identified a target release for:
> > >>> 
> > >>>    1) SSSD doesn't support FreeIPA as SUDO provider yet
> > >> 
> > >> To clarify, this is just to make SSSD use the native IPA schema instead of
> > >> ou=sudoers. https://fedorahosted.org/sssd/ticket/1108
> > > 
> > > Right. When talking about SUDO being able to select SSSD as a source database
> > > (instead of the native LDAP connection), this works already - SSSD reads
> > > ou=sudoers. There is an RFE ticket targeted to 3.4 already (it also contains
> > > steps how to configure it manually):
> > 
> > Is there a specific version of Sudo that supports nsswitch.conf having: sudo sss?
> 
> When speaking of sudo upstream, the first version where the sudo support
                                                          ^^^^^^^^^^^^^^^^
                                                          the sss support

                                                          sorry for typo
> landed was 1.8.6b4
> 
> > 
> > Is that version of Sudo available on RHEL?
> 
> In 6.4 it is.

More information about the Freeipa-users mailing list