Support JIT on Linux

[ph84172]

Would it be possible to consider adding JIT support for the Linux AM agent?

Thinking about a possible way to achieve this: the agent could write sudo authorization files into /etc/sudoers.d/ when JIT has been approved and then remove them again when the JIT window has expired. The downside is that this does place a dependency on the sudo package being available but it's a fairly standard component on the list of Linux distributions supported by the agent.

[ryannewington]

Hi Pete,

It's definitely something we are looking into. The next version of the linux agent will have Kerberos support, so this opens up possibility to have JIT support for AD-joined linux machines through the use of AD groups.

We're continuing to look at expanding the JIT offering into areas outside of Windows.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs.