Feature #9399

pkg support for SSH + sudo authentication via LDAP

Added by Mark Staudinger 7 months ago. Updated about 2 months ago.

Status: Resolved
Priority: Normal
Assignee:
Category: sudo
Target version:
Start date: 03/14/2019
Due date:
% Done: 100%
Estimated time:

Description

Hi Folks,

You have a very usable and user-friendly webUI configuration tool for setting up LDAP authorization for webUI access. The integration of LDAP authorization to SSH and sudo is, however, more difficult than would be typical on a barebones server environment, for two reasons:

1) missing "nss_ldap" in the pfSense pkg repository. This package is required for the LDAP-specific modifications in /etc/nsswitch.conf to work. Importing the package file manually works, but that's something we typically try to avoid in usual practice.

2) 'sudo' package in pfSense repository does not have LDAP support compiled in. Again, we can use our own local packages at need, but it would be nice to have a pfSense-sanctioned package available, especially the pfSense-customized version. Perhaps an alternate pfSense-pkg-sudo-ldap package could be created?

Thanks for your consideration on these items!

Associated revisions

Revision 7db5a396 (diff)
Added by Jim Pingle 7 months ago

Enable LDAP for sudo and build nss_ldap. Fixes #9399

History

#1 Updated by Jim Pingle 7 months ago

  • Assignee set to Jim Pingle

Considering we already build pam_ldap I'm not sure why nss_ldap was omitted, so I added it to the build list for 2.5.0.

I also enabled the LDAP option for sudo.

#2 Updated by Jim Pingle 7 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#3 Updated by Jim Pingle 7 months ago

nss_ldap and LDAP-enabled sudo are both now present on 2.5.0 snapshots.

#4 Updated by Jim Pingle 2 months ago

  • Category set to sudo

#5 Updated by Jim Pingle about 2 months ago

  • Status changed from Feedback to Resolved

Requested package and options are present.
