Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: "sudo su -" showing lot of information on OpenLDAP
Top Forums UNIX for Advanced & Expert Users "sudo su -" showing lot of information on OpenLDAP Post 303030887 by solaris_1977 on Monday 18th of February 2019 06:02:02 PM
Old 02-18-2019
"sudo su -" showing lot of information on OpenLDAP
Hello,
I have configured new LDAP and new LDAP clients. When I do "sudo su -", it shows me lot of information, which is not required on screen. I am not sure, if any debug mode is enabled or from where it can be turned off. Please suggest, if it is know for you.
Code:
-bash-3.2$ sudo su -
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: bind_timelimit -> 3000
sudo: ldap_set_option: network_timeout -> 3000
sudo: ldap_set_option: timelimit -> 5
sudo: ldap_sasl_bind_s() ok
sudo: Looking for cn=defaults: cn=defaults
sudo: found:cn=defaults,ou=sudoers,dc=test1,dc=test2,dc=ia,dc=us
sudo: ldap search '(|(sudoUser=john)(sudoUser=%john)(sudoUser=%#30421)(sudoUser=%ids)(sudoUser=%idssa)(sudoUser=%#10000)(sudoUser=%#10001)(sudoUser=ALL))'
sudo: searching from base 'ou=sudoers,dc=test1,dc=test2,dc=ia,dc=us'
sudo: adding search result
sudo: result now has 1 entries
sudo: ldap search '(sudoUser=+*)'
sudo: searching from base 'ou=sudoers,dc=test1,dc=test2,dc=ia,dc=us'
sudo: adding search result
sudo: result now has 1 entries
sudo: sorting remaining 1 entries
sudo: searching LDAP for sudoers entries
sudo: Command allowed
sudo: LDAP entry: 0x8075b20
sudo: done with LDAP searches
sudo: user_matches=1
sudo: host_matches=1
sudo: sudo_ldap_lookup(0)=0x02
"[sudo] john's password: "
sudo: removing reusable search result
Oracle Corporation      SunOS 5.10      Generic Patch   January 2005
You have new mail.
-bash-3.2#

Thanks
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Explain the line "mn_code=`env|grep "..mn"|awk -F"=" '{print $2}'`"

Hi Friends, Can any of you explain me about the below line of code? mn_code=`env|grep "..mn"|awk -F"=" '{print $2}'` Im not able to understand, what exactly it is doing :confused: Any help would be useful for me. Lokesha (4 Replies)
Discussion started by: Lokesha
4 Replies

2. UNIX for Dummies Questions & Answers

Unable to use the Sudo command. "0509-130 Symbol resolution failed for sudo because:"

Hi! I'm very new to unix, so please keep that in mind with the level of language used if you choose to help :D Thanks! When attempting to use sudo on and AIX machine with oslevel 5.1.0.0, I get the following error: exec(): 0509-036 Cannot load program sudo because of the following errors:... (1 Reply)
Discussion started by: Chloe123
1 Replies

3. Shell Programming and Scripting

awk command to replace ";" with "|" and ""|" at diferent places in line of file

Hi, I have line in input file as below: 3G_CENTRAL;INDONESIA_(M)_TELKOMSEL;SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL My expected output for line in the file must be : "1-Radon1-cMOC_deg"|"LDIndex"|"3G_CENTRAL|INDONESIA_(M)_TELKOMSEL"|LAST|"SPECIAL_WORLD_GRP_7_FA_2_TELKOMSEL" Can someone... (7 Replies)
Discussion started by: shis100
7 Replies

4. Solaris

missing "nisdomainobject.schema" openldap on solaris 10

Hello I am setting the following openladp on solaris 10 (amd64 8/11), i have Berkeley DB installed (db-4.4.20.tar.gz) and openldap (2.4.26). All is going quite well however i don't have "nisdomainobject.schema" for solaris, i know you could download this at one point. Does anyone have a copy... (0 Replies)
Discussion started by: Carlt23
0 Replies

5. Linux

Showing "permission denied" when trying to login in - Montavista Linux

Hello friends, I have scratched my system and after that when I am trying to access the console via root login it's failing with an error message of "permission denied". I am able to access the other login, I am having only problem with root and some other user login. I am using an telnet... (2 Replies)
Discussion started by: sanoop
2 Replies

6. UNIX for Advanced & Expert Users

Showing "permission denied" when trying to login in - Montavista Linux

Hello friends, I have scratched my system and after that when I am trying to access the console via root login it's failing with an error message of "permission denied". I am able to access the other login, I am having only problem with root and some other user login. I am using an telnet... (7 Replies)
Discussion started by: sanoop
7 Replies

7. Shell Programming and Scripting

Expect: spawn id exp5 not open while executing "expect "$" { send "sudo su -\r" }"

Hi All, i am trying to ssh to a remote machine and execute certain command to remote machine through script. i am able to ssh but after its getting hung at the promt and after pressing ctrl +d i am gettin the out put as expect: spawn id exp5 not open while executing "expect "$" {... (3 Replies)
Discussion started by: Siddharth shivh
3 Replies

8. Shell Programming and Scripting

Explaining behaviour of sudo bash "$0" "$@";

I've found this script part on the stackoverflow: if ; then sudo bash "$0" "$@"; exit "$?"; fi I realized that sudo bash "$0" "$@"; is the only needed for me. But the strange thing happens when I move this line outside the IF statement: sudo bash "$0" "$@"; stops the... (9 Replies)
Discussion started by: boqsc
9 Replies

9. Shell Programming and Scripting

Bash script - Print an ascii file using specific font "Latin Modern Mono 12" "regular" "9"

Hello. System : opensuse leap 42.3 I have a bash script that build a text file. I would like the last command doing : print_cmd -o page-left=43 -o page-right=22 -o page-top=28 -o page-bottom=43 -o font=LatinModernMono12:regular:9 some_file.txt where : print_cmd ::= some printing... (1 Reply)
Discussion started by: jcdole
1 Replies

10. Solaris

Ipadm showing "/?" in ADDROBJ on S11 local zone

Hi! I have a Solaris 11 local zone, everything is running fine, BUT, when I issue an "ipadm show-addr" from inside the local zone I get the following: root@xxxxxxx:/var/opt# ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/? inherited ok 127.0.0.1/8... (2 Replies)
Discussion started by: rtmg
2 Replies

LEARN ABOUT CENTOS

pam_ssh_agent_auth

pam_ssh_agent_auth(8)							PAM						     pam_ssh_agent_auth(8)

PAM_SSH_AGENT_AUTH
       This module provides authentication via ssh-agent.  If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has
       the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails.

SUMMARY

       /etc/pam.d/sudo: auth	sufficient     pam_ssh_agent_auth.so file=/etc/security/authorized_keys
       /etc/sudoers:
	    Defaults	env_keep += "SSH_AUTH_SOCK"

       This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in
       /etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can
       either be local, or forwarded.

       Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry.

ARGUMENTS

       file=<path to authorized_keys>
	   Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below)

       allow_user_owned_authorized_keys_file
	   A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically
	   whenever the expansions %h or ~ are used.

       debug
	   A flag which enables verbose logging

       sudo_service_name=<service name you compiled sudo to use>
	   (when compiled with --enable-sudo-hack)

	   Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER
	   is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER.

	   This defaults to "sudo".

EXPANSIONS

       ~  -- same as in shells, a user's Home directory
	   Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file
	   to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file

       %h -- User's Home directory
	   Automatically enables allow_user_owned_authorized_keys_file

       %H -- The short-hostname
       %u -- Username
       %f -- FQDN

EXAMPLES

       in /etc/pam.d/sudo

       "auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys"
	   The default .ssh/authorized_keys file in a user's home-directory

       "auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys"
	   Same as above.

       "auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys"
	   If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys.  In this case, we have not
	   specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'.

       "auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file"
	   On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys.	In this case, we specified
	   allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself.

       "auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys"
	   On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys.	In this case, we
	   have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root.

v0.8								    2009-08-09						     pam_ssh_agent_auth(8)
All times are GMT -4. The time now is 03:25 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy