From: Boomer Brainfood on
Hello everybody,

My company wants to integrate all Unix servers into Active Directory.
For "normal" account management I decided more or less to go down the
winbind route.
To have all information in one place, we also want to put sudoers in the AD.
Now the question is, how can I access the information?
I don't think winbind can provide sudoers information.
So, I guess I have to maintain a separate ldap.conf for sudo.
But how does sudo authenticate to the LDAP server? (The user is
authenticated using PAM and thus through winbind, unless NOPASSWD is
defined.)
- The standard answer is: use a proxy user. But I don't like it.
- How does winbind authenticate to the LDAP server? Would it be possible
to do the same with nss_ldap?
- Somebody suggested using SASL -> GSS_API -> Kerberos. But how do I
handle non-AD users, or the NOPASSWD case?

Sincerely
Bernhard


--
Minds are like parachutes
They only function when open
