[Freeipa-users] Wildcards in sudo external hostnames
Alexander Bokovoy
abokovoy at redhat.com
Mon Feb 22 10:31:29 UTC 2016
On Mon, 22 Feb 2016, Prashant Bapat wrote:
>Sorry, not an option. I have a couple of 1000s of instances. Aside from
>switching OS, is there any other option? I mean, the "*" char is allowed in
>the standard sudo implementation. To me it seems like there should not be a
>host name check on sudo hosts.
sudoers.ldap has a warning that wildcards in sudo entries may not be
supported by all LDAP servers.
I don't think using wildcards is a good idea, from multiple points of
view. Applying group checks, with the auto-membership plugin on the IPA side
used to populate the groups, is much better maintenance-wise (and
security-wise too, if you ask me).
>
>On 22 February 2016 at 12:22, Alexander Bokovoy <abokovoy at redhat.com> wrote:
>
>> On Mon, 22 Feb 2016, Prashant Bapat wrote:
>>
>>> SSSD on Amazon Linux is a dead end! I have been trying for a year without any
>>> definitive answer.
>>>
>>> Any other suggestions?
>>>
>> Switch to CentOS AMIs.
>>
>> --
>> / Alexander Bokovoy
>>
--
/ Alexander Bokovoy