I'm honestly a bit surprised that no one here has mentioned tools that let you manage things like Sudo rules. I highly recommend a project called FreeIPA, think of it as (horrors) AD for Linux/*nix systems. It can join AD forests, enable kerberos SSO across your org. It provides a nice WWW UI (and if that doesn't suit you, a CLI). It can manage sudo/SELInux Policy/NFS automounts/DNS/HBAC and much much more. When combined (default) with SSSD, it can cache auth creds, sudo rules etc etc... It *really* is a nice project and is probably at the forefront of modern OSS *nix authentication systems.