Bug 764 – sudoers does not support SASL_MECH in ldap.conf

Bug 764 - sudoers does not support SASL_MECH in ldap.conf


Summary:	sudoers does not support SASL_MECH in ldap.conf

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudoers
Version:	1.8.19
Hardware:	PC Linux

Importance:	low normal
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2016-12-24 04:58 MST by Elizabeth Myers
Modified:	2022-03-04 09:23 MST (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Elizabeth Myers 2016-12-24 04:58:52 MST

Hello,

In my environment it is necessary to set EXTERNAL authentication for SASL, since we use TLS certificate authentication. Right now, sudoers only makes use of simple authentication, which causes a failure. Sudoers should honour the SASL_MECH option in ldap.conf.

Cheers,
Elizabeth

Comment 1 Todd C. Miller 2017-01-17 11:12:10 MST

Initial support for SASL_MECH has been added in:
https://www.sudo.ws/repos/sudo/rev/d057bb7f2ddc

I don't currently have a way to test EXTERNAL authentication.  Would you be able to test it by checking out the tip of the sudo repo?  Alternately, I can build a tarball for you if that is easier.

Comment 2 Elizabeth Myers 2017-01-23 14:59:57 MST

I can make a test machine in my environment.

Comment 3 Todd C. Miller 2017-05-10 10:37:00 MDT

Sudo 1.8.20 includes support for SASL_MECH but it is untested.

Comment 4 Todd C. Miller 2022-03-04 09:23:01 MST

Sudo has support for SASL_MECH since 1.8.20.  Please re-open if it does not work for you.