Using sudo with LUM-enabled eDirectory Users
Problem
We need a way to use sudo with eDirectory users who are LUM-enabled.
Solution
1. Create the eDirectory Group.
2. LUM-enable it and the users contained in the Group.
3. Copy /etc/pam.d/sudo to /etc/pam.d/sudo_old
4. Copy /etc/pam.d/pam_nam_sample to /etc/pam.d/sudo
5. Modify /etc/pam.d/sudo and change ‘sufficient’ to ‘required’ (all instances – not a requirement).
6. Modify /etc/sudoers (using visudo) and add the eDir Group we initially created.
Example
The eDirectory group we created was gSUSEAdmin. We added the following below the line that reads “#%wheel ALL=(ALL) ALL”
%gSUSEAdmin ALL=(ALL) ALL
Note: Special thanks to Brent Griggs for his help with this …
No comments yet