Alle,
I know this is available somewhere and I've read it before but I can't seem to find it now that I need it (age is definitely catching up to me). I'm trying to find out the build parameters used with the current installation of sudo-1.6.7p5-30.1.3, specifically, whether "--with-ldap" was used. Sorry for the inconvenience.
Best Regards, Camron
On Thu, 7 Sep 2006, Camron W. Fox wrote:
I'm trying to find out the build parameters used with the current installation of sudo-1.6.7p5-30.1.3, specifically, whether "--with-ldap" was used.
When I run ldd against /usr/bin/sudo, nothing remotely LDAP-ish shows up.
Otherwise, you'll want to download the source rpm and investigate the .spec file:
cd /var/tmp
wget http://mirror.centos.org/centos-4/4.4/os/SRPMS/sudo-1.6.7p5-30.1.3.src.rpm
rpm2cpio sudo-*.src.rpm | cpio -id
less sudo.spec
Paul Heinlein wrote:
On Thu, 7 Sep 2006, Camron W. Fox wrote:
I'm trying to find out the build parameters used with the current installation of sudo-1.6.7p5-30.1.3, specifically, whether "--with-ldap" was used.
When I run ldd against /usr/bin/sudo, nothing remotely LDAP-ish shows up.
Paul,
I ran ldd, and found the same. Just wanted to make sure I didn't miss anything. For all, these are the config params:
%configure \
    --prefix=%{_prefix} \
    --sbindir=%{_sbindir} \
    --with-logging=syslog \
    --with-logfac=authpriv \
    --with-pam \
    --with-editor=/bin/vi \
    --with-env-editor \
    --with-ignore-dot \
    --with-tty-tickets \
    --without-interfaces
Best Regards, Camron
Camron W. Fox wrote:
Paul Heinlein wrote:
On Thu, 7 Sep 2006, Camron W. Fox wrote:
I'm trying to find out the build parameters used with the current
installation of sudo-1.6.7p5-30.1.3, specifically, whether "--with-ldap" was used.
When I run ldd against /usr/bin/sudo, nothing remotely LDAP-ish shows up.
Paul,
I ran ldd, and found the same. Just wanted to make sure I didn't
miss anything. For all, these are the config params:
%configure \
    --prefix=%{_prefix} \
    --sbindir=%{_sbindir} \
    --with-logging=syslog \
    --with-logfac=authpriv \
    --with-pam \
    --with-editor=/bin/vi \
    --with-env-editor \
    --with-ignore-dot \
    --with-tty-tickets \
    --without-interfaces
Best Regards, Camron
I'm not fully up on all this, it's a very confusing journey, but I think that if PAM's configured to use LDAP, then sudo will too.
On Sep 7, 2006, at 7:47 PM, John Summerfield wrote:
I'm not fully up on all this, it's a very confusing journey, but I think that if PAM's configured to use LDAP, then sudo will too.
it depends on what you mean by "use LDAP"; if you're just talking about doing UID and password mapping via LDAP, then yes, that's handled by PAM, but the --use-ldap directive to sudo enables it to pull configuration information (that is usually stored in /etc/sudoers) from a LDAP database, and that process has nothing to do with PAM.
http://www.courtesan.com/sudo/readme_ldap.html
based on that snippet of .spec file, i don't believe the stock sudo is compiled with LDAP support. Camron, do you know how to modify a SRPM? you'll need to install the SRPM, edit the .spec, and recompile.
-steve
-- If this were played upon a stage now, I could condemn it as an improbable fiction. - Fabian, Twelfth Night, III,v
Steve Huff wrote:
On Sep 7, 2006, at 7:47 PM, John Summerfield wrote:
I'm not fully up on all this, it's a very confusing journey, but I think that if PAM's configured to use LDAP, then sudo will too.
it depends on what you mean by "use LDAP"; if you're just talking about doing UID and password mapping via LDAP, then yes, that's handled by PAM, but the --use-ldap directive to sudo enables it to pull configuration information (that is usually stored in /etc/sudoers) from a LDAP database, and that process has nothing to do with PAM.
http://www.courtesan.com/sudo/readme_ldap.html
based on that snippet of .spec file, i don't believe the stock sudo is compiled with LDAP support. Camron, do you know how to modify a SRPM? you'll need to install the SRPM, edit the .spec, and recompile.
-steve
Steve,
I've done it, but I wouldn't say I'm *comfortable* with it yet (can't learn if you don't do, right?). Also, I have this phobia about changing stock pkg installations. These guys have done such good work, I'd hate to screw it up!
Best Regards, Camron
Camron W. Fox Hilo Office High Performance Computing Group Fujitsu America, INC. E-mail: cwfox@us.fujitsu.com
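
The check discussed in this thread (does the package's %configure call carry a given flag?) can be scripted. The following is an added example, not part of any message above and not from the sudo or CentOS projects; the function names are hypothetical and the sample spec fragment is constructed from the flags Camron posted.

```shell
#!/bin/sh
# Added example: audit a .spec file for a configure flag such as --with-ldap.

# Write a constructed sample spec fragment (flags taken from the thread) to $1.
sample_spec() {
    cat > "$1" <<'EOF'
%build
%configure \
    --prefix=%{_prefix} \
    --with-logging=syslog \
    --with-logfac=authpriv \
    --with-pam \
    --with-tty-tickets \
    --without-interfaces
make
EOF
}

# Print the %configure invocation of spec file $1 as a single line,
# joining backslash-continued lines.
configure_line() {
    awk '
        /^[ \t]*%configure/ { grab = 1 }
        grab {
            line = $0
            cont = (line ~ /\\[ \t]*$/)      # does this line continue?
            sub(/\\[ \t]*$/, "", line)       # drop the trailing backslash
            printf "%s ", line
            if (!cont) { print ""; exit }    # last line of the invocation
        }
    ' "$1"
}

# Return 0 if flag $2 is an exact argument of %configure in spec file $1.
spec_has_flag() {
    for arg in $(configure_line "$1"); do
        if [ "$arg" = "$2" ]; then return 0; fi
    done
    return 1
}

# Demo on the constructed sample: reports --with-pam present, --with-ldap absent.
spec=$(mktemp)
sample_spec "$spec"
for flag in --with-pam --with-ldap; do
    if spec_has_flag "$spec" "$flag"; then echo "$flag: present"; else echo "$flag: absent"; fi
done
rm -f "$spec"
```

Point spec_has_flag at the sudo.spec extracted from the source RPM to run the same check against the real package.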