
AD + SSSD

If you have a host joined to AD through SSSD, the root user on that host can become any user from the domain. So a sudoers rule such as

%groupname ALL=(ALL) NOPASSWD:ALL

would actually give every user in “groupname” permission to become any AD user they want, and if they then SSH to localhost, they would have a Kerberos ticket as well. It is not that evident, but Active Directory is an identity provider, so if you are superuser on the host, you can be an AD user on the host.
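
A simplified audit for the rule pattern above, added here as an example (not the author's code): it flags sudoers entries that give a non-root principal unrestricted commands as root or ALL, which on an SSSD-joined host means that principal can act as any domain user. The sample sudoers text and every group name except `groupname` are constructed; aliases, includes and line continuations are not handled.

```python
import re

# Constructed sample sudoers content for the demonstration (not from a real host).
SAMPLE = r"""
Defaults env_reset
root ALL=(ALL:ALL) ALL
%groupname ALL=(ALL) NOPASSWD:ALL
%domain\ admins ALL=(ALL) ALL
%dbadmins ALL=(postgres) NOPASSWD: /usr/bin/systemctl restart postgresql
%webops ALL=(root) /usr/bin/systemctl reload nginx
%helpdesk ALL = NOPASSWD: ALL
"""

# who  hosts = (runas) TAG: TAG: commands   (simplified grammar, an assumption)
RULE = re.compile(
    r"^(?P<who>(?:\\.|[^\s\\])+)\s+(?P<hosts>[^=]+?)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$"
)
SKIP = ("#", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias",
        "Cmnd_Alias", "Cmd_Alias", "@include")

def audit(text):
    """Return rules that let a non-root principal run ALL commands as root/ALL."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(SKIP):
            continue
        m = RULE.match(line)
        if not m or m["who"] == "root":
            continue
        # No runas spec means the default target user, which is root.
        runas = m["runas"] if m["runas"] is not None else "root"
        runas_users = {u.strip() for u in runas.split(":")[0].split(",")}
        cmds = {c.strip() for c in m["cmds"].split(",")}
        if "ALL" in cmds and runas_users & {"ALL", "root"}:
            findings.append({
                "line": lineno,
                "who": m["who"],
                "group": m["who"].startswith("%"),
                "nopasswd": "NOPASSWD:" in m["tags"],
            })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        kind = "group" if f["group"] else "user"
        pw = "no password" if f["nopasswd"] else "password required"
        print(f"line {f['line']}: {kind} {f['who']} is root-equivalent ({pw})")
```

Rules scoped to a specific command or a non-root service account, like the `%dbadmins` and `%webops` lines in the sample, are not flagged.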

Feb 15   IT   linux   sssd