Trying to figure how to setup sssd to allow me to ssh into another box as root using the domain root passwd. Nothing I tried lets me do that so could someone please give me an example config which lets root in with domain passwd?
Jocke
On Wed, Sep 24, 2014 at 06:57:54PM +0200, Joakim Tjernlund wrote:
Trying to figure how to setup sssd to allow me to ssh into another box as root using the domain root passwd.
It's not possible by design, SSSD explicitly drops all requests for either root or UID 0. root is really a machine-local administrator, nothing that should be present on the remote servers.
Nothing I tried lets me do that so could someone please give me an example config which lets root in with domain passwd?
Why do you need this?
If your goal is to have the same root password across an enterprise, I recommend something like Puppet or Ansible.
If the goal is to let users administer machines, then storing sudo rules in LDAP is the best way forward.
On Thu, 25 Sep 2014, Jakub Hrozek wrote:
If your goal is to have the same root password across an enterprise, I recommend something like Puppet or Ansible.
If the goal is to let users administer machines, then storing sudo rules in LDAP is the best way forward.
I'm entirely in agreement with Jakub on this, although to sneak in an answer that nearly satisfies your query, you /could/ use .k5login to allow them to login over ssh as root with their kerberos credential. I don't think that's a better solution than sudo/puppet though.
jh
sssd-users@lists.fedorahosted.org