Has anyone here worked with PowerBroker? It is a tool quite similar to sudo that allows you to control users' access to various commands that need to be run with elevated access. We currently have an implementation of sudo built to use LDAP sudoers tied to a bash shell customized for shell logging, both of which report to a syslog server which stores all of the info in a database. We're finding that the duct tape and bubble gum approach left to us by the former manager is terrible for audit compliance. Horrible reporting, management nightmare, a pain in the ass to implement on different platforms due to the customized shells, etc. Anyway, I'm wondering what kind of work is involved in deploying it and then maintaining it on a day to day basis. I know what I have now sucks, but I'm afraid to implement something that requires so much maintenance that we can't keep up.