Looking into the feasibility of configuring our VMs (RHEL 8) so users in the wheel group use their LDAP password to authenticate for sudo.
What I've done so far is configure sssd for LDAP authentication and add this to sudoers:
Defaults !targetpw
This does get the intended functionality, but unfortunately it also allows any LDAP user to log in to the VM (we use CA-signed ssh certs). I only want to allow users with a local account.
I've been able to block non-local users by configuring /etc/pam.d/sshd to require a local user with session required pam_localuser.so at the top.
Is there a better/simpler way to accomplish this?
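
A quick check for the PAM gate described in the post, as an added example that is not part of the original post; the function name and verdict strings are made up for illustration. It also flags a gate placed in the auth stack, since sshd does not run PAM auth modules for key or certificate logins, only account and session.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a PAM service file
# starts with the pam_localuser.so gate described above.
# Handles simple control flags only, not the [value=action] bracket form.
# Verdicts: ok:<type>, auth-only, weak (non-blocking control flag), missing.
check_localuser_gate() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            type = $1; sub(/^-/, "", type)      # leading "-" only silences missing-module logs
            if ($3 !~ /(^|\/)pam_localuser\.so$/)            v = "missing"
            else if ($2 != "required" && $2 != "requisite")  v = "weak"
            else if (type == "auth")                         v = "auth-only"
            else if (type == "account" || type == "session") v = "ok:" type
            else                                             v = "missing"
            exit                                # only the first effective rule matters
        }
        END { print (v == "" ? "missing" : v) }
    ' "$1"
}

# Constructed sample resembling /etc/pam.d/sshd with the gate at the top.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#%PAM-1.0
session    required     pam_localuser.so
auth       substack     password-auth
account    include      password-auth
session    include      password-auth
EOF
echo "sample: $(check_localuser_gate "$sample")"
rm -f "$sample"
```

Run it against a copy of the real file, for example `check_localuser_gate /etc/pam.d/sshd`, after any change to the PAM stack.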