Speaking totally blindly here ... is there any way that "PAM" (Pluggable Authentication Modules...) could be of service here?
The essential idea here is ... "AFAIK (which isn't much...), PAM ultimately controls everything." Therefore, if the sudo command does, or if it can, tap into the PAM mechanism, then your problem might be very close to being solved. It intuitively seems to me that you ought to be able to outright supersede the default behavior of sudo, and to very elegantly substitute into its place an AD-based mechanism ... courtesy of PAM.
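On most Linux distributions sudo is built with PAM support and consults `/etc/pam.d/sudo`, so the question of whether it "taps into" PAM comes down to what that stack (and the files it `@include`s) actually lists. The script below is an added example, not code from the post or from the sudo or PAM projects: it parses Debian-style PAM service files from an in-memory dictionary of constructed sample content (no real system files are read), flattens the `@include` chain, and reports whether a directory-backed module such as `pam_sss.so` or `pam_winbind.so` sits in the `auth` stack. The set of "AD-capable" module names and the sample file contents are assumptions for illustration.

```python
"""Audit which modules make up a PAM service's 'auth' stack (added example, not from the post).

Parses Debian-style /etc/pam.d/ files held in a dict so it runs offline on constructed data.
"""
import re
import shlex

# Constructed sample of /etc/pam.d/sudo and the files it includes on a host joined to
# Active Directory via SSSD. Illustrative only; not copied from any real system.
SAMPLE_PAM_FILES = {
    "sudo": """\
#%PAM-1.0
@include common-auth
@include common-account
session required pam_limits.so
""",
    "common-auth": """\
# Primary block: the first module that succeeds jumps past the rest of the block.
auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
auth [success=1 default=ignore] pam_sss.so use_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
""",
    "common-account": """\
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
account requisite pam_deny.so
account required pam_permit.so
""",
}

# Assumed list of modules that delegate authentication to a directory such as AD.
AD_CAPABLE_MODULES = {"pam_sss.so", "pam_winbind.so", "pam_ldap.so", "pam_krb5.so"}

# type  control (simple word or [bracketed action list])  module-path  optional args
LINE_RE = re.compile(
    r"^(?P<type>-?\w+)\s+(?P<control>\[[^\]]*\]|\S+)\s+(?P<module>\S+)(?P<args>.*)$"
)


def parse_pam_stack(service, files, _depth=0):
    """Return the flattened list of (type, control, module, args) for a PAM service.

    Follows Debian-style '@include' directives; a depth guard stops include loops.
    """
    if _depth > 10:
        raise ValueError("@include nesting too deep (possible loop)")
    entries = []
    for raw in files[service].splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments, including the #%PAM-1.0 header
        if not line:
            continue
        if line.startswith("@include"):
            included = line.split(None, 1)[1].strip()
            entries.extend(parse_pam_stack(included, files, _depth + 1))
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable PAM line in {service}: {raw!r}")
        # A leading '-' on the type tells PAM to skip the line silently if the module is absent.
        ptype = m.group("type").lstrip("-")
        entries.append((ptype, m.group("control"), m.group("module"), shlex.split(m.group("args"))))
    return entries


def auth_modules(service, files):
    """Module paths in the service's 'auth' stack, in evaluation order."""
    return [entry[2] for entry in parse_pam_stack(service, files) if entry[0] == "auth"]


def ad_backed_auth(service, files):
    """True if any AD/directory-capable module appears in the service's auth stack."""
    return any(module in AD_CAPABLE_MODULES for module in auth_modules(service, files))


if __name__ == "__main__":
    for ptype, control, module, args in parse_pam_stack("sudo", SAMPLE_PAM_FILES):
        print(f"{ptype:8} {control:45} {module:16} {' '.join(args)}")
    print("sudo auth stack is AD-backed:", ad_backed_auth("sudo", SAMPLE_PAM_FILES))
```

Pointing `SAMPLE_PAM_FILES` at real files read from `/etc/pam.d/` would turn this into a quick audit of whether sudo on a given host already authenticates against the directory, and in what order the local `pam_unix.so` and the directory module are consulted.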