Bug 764

Summary: sudoers does not support SASL_MECH in ldap.conf
Product: Sudo
Reporter: Elizabeth Myers <elizabeth>
Component: Sudoers
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED
Severity: normal
Priority: low
Version: 1.8.19
Hardware: PC
OS: Linux

Description Elizabeth Myers 2016-12-24 04:58:52 MST
Hello,

In my environment it is necessary to set EXTERNAL authentication for SASL, since we use TLS certificate authentication. Right now, sudoers only makes use of simple authentication, which causes a failure. Sudoers should honour the SASL_MECH option in ldap.conf.

Cheers,
Elizabeth
Comment 1 Todd C. Miller 2017-01-17 11:12:10 MST
Initial support for SASL_MECH has been added in:
https://www.sudo.ws/repos/sudo/rev/d057bb7f2ddc

I don't currently have a way to test EXTERNAL authentication.  Would you be able to test it by checking out the tip of the sudo repo?  Alternately, I can build a tarball for you if that is easier.
Comment 2 Elizabeth Myers 2017-01-23 14:59:57 MST
I can make a test machine in my environment.
Comment 3 Todd C. Miller 2017-05-10 10:37:00 MDT
Sudo 1.8.20 includes support for SASL_MECH but it is untested.
Comment 4 Todd C. Miller 2022-03-04 09:23:01 MST
Sudo has support for SASL_MECH since 1.8.20.  Please re-open if it does not work for you.
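
Added example, not part of the bug thread or sudo's own code: a small Python check that reads an ldap.conf and a sudo version and reports whether the SASL_MECH setting requested in this bug would be honoured. The sample files, host names and paths are constructed; it assumes SASL binds are enabled with USE_SASL as documented in sudoers.ldap, and it treats only lines beginning with # as comments.

```python
import re

# First release with SASL_MECH support, per comment 3 of this bug.
SASL_MECH_MIN_VERSION = (1, 8, 20)
TRUE_VALUES = {"on", "true", "yes"}

# Constructed sample ldap.conf files (hosts and paths are placeholders).
SAMPLE_EXTERNAL = """\
# sudo LDAP client settings
URI ldap://ldap.example.org
SUDOERS_BASE ou=SUDOers,dc=example,dc=org
SSL start_tls
TLS_CACERT /etc/ssl/certs/ca.pem
TLS_CERT /etc/ssl/certs/host.pem
TLS_KEY /etc/ssl/private/host.key
USE_SASL on
SASL_MECH EXTERNAL
"""
SAMPLE_SIMPLE = """\
URI ldap://ldap.example.org
BINDDN cn=sudo,dc=example,dc=org
BINDPW constructed-placeholder
"""

def parse_ldap_conf(text):
    """Return {KEYWORD: value}; keywords are upper-cased, last occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return settings

def sudo_version(s):
    """'1.8.20p2' -> (1, 8, 20); the patch-level suffix is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", s)[:3])

def bind_method(conf_text, version):
    """Describe the bind this configuration asks for on the given sudo version."""
    conf = parse_ldap_conf(conf_text)
    if conf.get("USE_SASL", "").lower() in TRUE_VALUES:
        mech = conf.get("SASL_MECH")
        if mech and sudo_version(version) < SASL_MECH_MIN_VERSION:
            return "sasl:SASL_MECH-ignored"  # the situation reported here
        return "sasl:" + (mech or "mechanism-not-set")
    return "simple" if "BINDDN" in conf else "anonymous"
```
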