That you for your suggestions. I didn't know I could use NIS for sudo, had never thought of it. Most of the sites I support use NIS while others use local accounts. I would like to LDAP but it left a bad taste the last time I used it, HP-UX 10.20 and LDAP to NIS gateways don't work very well, at least they didn't 3 years ago.
Have any advice for using LDAP to manage sudo (privileged) access? On Mon, Mar 15, 2010 at 6:06 PM, Rick Stevens <ri...@nerd.com> wrote: > On 03/15/2010 04:04 PM, Tom H wrote: > >>> Rather than create different /etc/sudoers for each box, can't you use > >>> a name service (with>1500 boxes you must already have one running) > >>> and set up netgroups for users, commands, boxes, and auths? > > > >> Yes, name service (DNS) is running but not supported by my department. > >> This infrastructure has grown into what it is now for long time. I am > >> trying to straighten it out. > > > > By "name service," I meant NIS, NIS+, LDAP. > > I second that. You have to join the 21st century sometime. LDAP is > a good choice AND you can manage the sudo file from it as well (a thing > I've found VERY useful). > > NIS was invented by Sun, NIS+ expanded upon it. Almost all Unixish > systems will support NIS/NIS+. Most will support LDAP (Solaris, Linux, > FreeBSD, HP/UX for sure). > ---------------------------------------------------------------------- > - Rick Stevens, Systems Engineer, C2 Hosting ri...@nerd.com - > - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 - > - - > - If at first you don't succeed, quit. No sense being a damned fool! - > ---------------------------------------------------------------------- > -- > users mailing list > users@lists.fedoraproject.org > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > -- Jamie Bohr
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
