Bug 817409 - Use GSSAPI for setting uid=sudo password
Use GSSAPI for setting uid=sudo password
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: doc-Identity_Management_Guide (Show other bugs)
6.3
Unspecified Unspecified
medium Severity medium
: rc
: ---
Assigned To: Deon Ballard
ecs-bugs
: Documentation
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-04-29 16:17 EDT by Dmitri Pal
Modified: 2012-06-27 09:28 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-27 09:28:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dmitri Pal 2012-04-29 16:17:40 EDT
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2685

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#Setting_up_sudo_Rules-Server_Configuration_for_sudo_Rules

The documentation for setting the password on the shared sudo user should use GSSAPI instead of TLS.

In step 3, the a) section can be dropped entirely and b) replaced with:

$ ldappasswd -Y GSSAPI -S -h ipaserver.example.com uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
Comment 5 John Skeoch 2012-06-26 23:55:17 EDT
Verified the revised command string in:

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/example-configuring-sudo.html#Setting_up_sudo_Rules-Server_Configuration_for_sudo_Rules

Red_Hat_Enterprise_Linux-Identity_Management_Guide-6-en-US-2.2.0-1

---

$ ldappasswd -Y GSSAPI -S -h ipaserver.ipadocs.org uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com
    New password: 
    Re-enter new password: 
    Enter LDAP Password:

Note You need to log in before you can comment on or make changes to this bug.