lithnet / access-manager

Access Manager provides web-based access to local admin (LAPS) passwords, BitLocker recovery keys, and just-in-time administrative access to Windows computers in a modern, secure, and user-friendly way.
Other
238 stars 20 forks source link

Support JIT on Linux #209

Closed ph84172 closed 11 months ago

ph84172 commented 1 year ago

Would it be possible to consider adding JIT support for the Linux AM agent?

Thinking about a possible way to achieve this: the agent could write sudo authorization files into /etc/sudoers.d/ when JIT has been approved and then remove them again when the JIT window has expired. The downside is that this does place a dependency on the sudo package being available but it's a fairly standard component on the list of Linux distributions supported by the agent.

ryannewington commented 1 year ago

Hi Pete,

It's definitely something we are looking into. The next version of the linux agent will have Kerberos support, so this opens up possibility to have JIT support for AD-joined linux machines through the use of AD groups.

We're continuing to look at expanding the JIT offering into areas outside of Windows.

stale[bot] commented 12 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs.