New version of sudo. Now you can store your SUDOers in your ldap. Reproducible: Always Steps to Reproduce: 1. 2. 3. I just edited the sudo-1.6.7_p5.ebuild with some modifications. Now you have the use-flag for ldap. The patch I've copied from the sudo-worker-mailinglist (Mail from: "Todd C. Miller" <Todd.Miller@courtesan.com>). Without that patch pam returns always an error (PAM_ACCT_EXPIRED) after you entered your password (at least in ldap-mode).
Created attachment 37823 [details] sudo-1.6.8.ebuild
Created attachment 37824 [details, diff] files/pam.c-143.diff
Created attachment 38036 [details] sudo-1.6.8-r1.ebuild The patch isn't needed anymore, just install an updated /etc/pam.d/sudo
Created attachment 38037 [details] files/sudo The updated /etc/pam.d/sudo
Created attachment 40120 [details] sudo-1.6.8_p1.ebuild Fixes the last security issue (sudoedit)
Created attachment 44006 [details] sudo-1.6.8_p2.ebuild
Comment on attachment 44006 [details] sudo-1.6.8_p2.ebuild Fixes the security issue (http://www.sudo.ws/sudo/alerts/bash_functions.html)
Created attachment 45790 [details] sudo-1.6.8_p5.ebuild Some bug fixes.
Created attachment 48524 [details] Sudo-1.6.8_p6.ebuild
Created attachment 52848 [details] Sudo-1.6.8_p7.ebuild
Created attachment 55048 [details] sudo-1.6.8_p8.ebuild From sudo-announce: Sudo version 1.6.8, patchlevel 8 is now available, which fixes a few minor bugs on some platforms. Changes since Sudo 1.6.8p7: o Fixed noexec functionality on Linux. o Fixed a bug that prevented Heimdal authentication from working.
I'm testing this on one of our -infra boxes and it works fine. We are going to implement this soon for our g.o infrastructure so we would really like to see this in the stable tree :).
Thx to taviso for putting this into the tree.