On Wed, Sep 24, 2014 at 06:57:54PM +0200, Joakim Tjernlund wrote:
Trying to figure how to setup sssd to allow me to ssh into another box
as
root using the domain root passwd.
It's not possible by design, SSSD explicitly drops all requests for either root or UID 0. root is really a machine-local administrator, nothing that should be present on the remote servers.
Thanks, I can stop trying then. This should be clearly stated somewhere though.
Nothing I tried lets me do that so could someone please give me an
example
config which lets root in with domain passwd?
Why do you need this?
Because as an admin I need to login on users boxes to fix stuff they broke. Sometimes su/sudo are not setup/broken too.
If your goal is to have the same root password across an enterprise, I recommend something like Puppet or Ansible.
How does that help me to ssh in and what if Puppet/Ansible is not setup/broken? Not every box is installed the same.
If the goal is to let users administer machines, then storing sudo rules in LDAP is the best way forward.
That we have but I am looking for easy admin access.
sssd should not dictate way of working. Admins should be able to change this behaviour, especially since this a new sssd specific rule and makes it harder for existing IT environments to migrate to sssd. Keep as default but let me override please.
PS. Please CC me as I am not on the list.