Feature #9399

closed

pkg support for SSH + sudo authentication via LDAP

Added by Mark Staudinger about 5 years ago. Updated over 4 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: sudo
Target version: -
Start date: 03/14/2019
Due date:
% Done: 100%
Estimated time:
Plus Target Version:

Description

Hi Folks,

You have a very usable and user-friendly webUI configuration tool for setting up LDAP authorization for webUI access. The integration of LDAP authorization to SSH and sudo is, however, more difficult than would be typical on a barebones server environment, for two reasons:

1) missing "nss_ldap" in the pfSense pkg repository. This package is required for the LDAP-specific modifications in /etc/nsswitch.conf to work. Importing the package file manually works, but that's something we typically try to avoid in usual practice.

2) 'sudo' package in pfSense repository does not have LDAP support compiled in. Again, we can use our own local packages at need, but it would be nice to have a pfSense-sanctioned package available, especially the pfSense-customized version. Perhaps an alternate pfSense-pkg-sudo-ldap package could be created?

Thanks for your consideration on these items!
