This is exactly my sort of thing as well. We seem to be in the freeipa group yet ppl are telling me to use pam.d...no one has really said you cannot do this in IPA, or you can and this is how......
:/ The very idea of using IPA is to stop having to do such local configuration.... regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: [email protected] [[email protected]] on behalf of KodaK [[email protected]] Sent: Wednesday, 18 July 2012 3:50 a.m. To: [email protected] Subject: [Freeipa-users] another sudo su question I've been banging my head on this for a couple of days, and I can't find anything in the docs or by searching. I'm trying to do what I think should be pretty simple: I have a group of users and an application account, all in IPA. I want users in that group to be able to "sudo su - appacct". What I've found is that I probably can't do it exactly like that, so now I'm trying "sudo -i appacct", but I can't get that to work either. My rule is set up like this: rule name: become-appacct sudo option: -i appacct (I'm not sure this is right.) user groups: admins, appgroup host groups: apphostgroup Everything else is blank. Note that this is just the current configuration, I've tried a bunch of iterations. Any help? Thanks, --Jason -- The government is going to read our mail anyway, might as well make it tough for them. GPG Public key ID: B6A1A7C6 _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
