We recently had a feature request for our Directory-as-a-Service® platform on a topic that we had just discussed here on the blog. We were asked to include the ability to sudo without a password on servers. While requiring a password to sudo on a box is the more secure mechanism, passwordless sudo may actually be necessary, often for service accounts that run as root.
JumpCloud’s initial functionality was to require a password to sudo on the box even if keys were present. This created a strong multi-factor auth of sorts, with something you have (keys) and something you know (password). That approach is ideal for key servers and situations where security is critical. In cases where automated processes are logging in and executing processes or commands, a passwordless sudo option is an excellent feature to have.
Give passwordless sudo a try on some of your servers and see if it helps ease some of the pain around your user management functions. And, if you would like to leverage JumpCloud’s cloud-based directory service for the rest of your organization, please take a look. We’ve centralized user management and included incredible features such as LDAP-as-a-Service, True Single Sign-On™, RADIUS-as-a-Service, device management, multi-factor authentication, and more. Let us know what you think!