Ideas for ssh / sudo
Paul Lussier
pll at mclinux.com
Tue Oct 10 16:09:03 EDT 2000
In a message dated: Tue, 10 Oct 2000 16:01:20 EDT
"Marillier, Allan" said:
>Another option - but it also has potential for abuse - you could
>set up a mail alias which pipes to a program/script.
>e.g. add an entry to /etc/aliases
> mailadmin: |"/usr/local/bin/mailadmin"
>and run newaliases. Then you have a script named mailadmin,
>which receives the output of a message, parses it, and acts on the
>content of the message.
I just actually sent a similar idea to the original poster. The difference in
my scheme would be:
a. have a web page (on some other system) with a form
   which requests all relevant information from the "user"
b. have the "submit" button e-mail this request to the "admin" group
   for verification/authorization
c. admin group forwards request to the alias mentioned above
d. the script parses the e-mail and verifies:
   1. that it really comes from someone listed
      in the admin group
   2. the request command is in proper format
e. the script passes the information off to an "addalias" script or
   function
My vision of how this would work is that the web page is on a separate system
from the web server, and the script would be written in perl. Since most of
the interaction is via e-mail, you could bring a pgp signature into the scheme
and have the script authenticate the pgp signature of e-mail it receives.
That way you have a 3-step authentication; first the e-mail must be *from* an
authorized user (easy to forge), second, the e-mail must contain a correctly
formatted request string (also easy to forge), third, the e-mail must contain
a pgp signature matching the key on record for the "from" sender.
There may be some kinks in this plan, but this is only the result of 5 minutes
of thought :)
--
Seeya,
Paul
----
I'm in shape, my shape just happens to be pear!
If you're not having fun, you're not doing it right!
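As an added illustration of steps d and e above (example code, not from the thread or any of its posters), a Python sketch of the handler the alias would pipe into: it parses the piped message, checks the sender against the admin group, enforces a strict request grammar, calls an injected signature verifier, and only then builds the addalias call as an argv list so nothing from the mail can reach a shell. The ADMIN_GROUP set, the "ADDALIAS alias target" grammar, /usr/local/bin/addalias and the sample message are assumptions.

```python
"""Handler for a mail alias piped to a script: verify sender, request format
and signature before handing the request to an 'addalias' step."""
import re
from email import message_from_string, policy, utils

# Assumed admin group; a real deployment would load this from configuration.
ADMIN_GROUP = {"alice@example.com", "bob@example.com"}

# Assumed request grammar. Alias and target are limited to a safe character
# set so a parsed field can never carry shell metacharacters downstream.
REQUEST_RE = re.compile(
    r"^ADDALIAS ([a-z0-9][a-z0-9._-]{0,31}) ([a-z0-9][a-z0-9._@-]{0,63})$", re.M)

# Constructed sample message standing in for what the MTA would pipe in.
SAMPLE = """From: Alice <alice@example.com>
To: mailadmin@example.com
Subject: alias request

ADDALIAS helpdesk support@example.com
-----BEGIN PGP SIGNATURE-----
(signature block would go here)
-----END PGP SIGNATURE-----
"""


def sender_address(msg):
    """Bare, lower-cased address from the From: header (display name dropped)."""
    _, addr = utils.parseaddr(msg.get("From", ""))
    return addr.lower()


def check_request(raw_message, verify_signature):
    """Return ("ok", alias, target) or ("reject", reason).
    verify_signature(sender, text) -> bool is injected; in production it would
    run gpg against the key on record for that sender. The checks run in the
    order the post lists them: sender, format, then signature."""
    msg = message_from_string(raw_message, policy=policy.default)
    sender = sender_address(msg)
    if sender not in ADMIN_GROUP:
        return ("reject", "sender not in admin group")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    match = REQUEST_RE.search(text)
    if not match:
        return ("reject", "malformed request")
    if not verify_signature(sender, text):
        return ("reject", "signature did not verify")
    return ("ok", match.group(1), match.group(2))


def addalias_argv(alias, target):
    """argv for the addalias step: validated fields, never a shell string."""
    return ["/usr/local/bin/addalias", alias, target]
```

With the signature check stubbed out, the sample request is accepted and yields the argv `["/usr/local/bin/addalias", "helpdesk", "support@example.com"]`; a From: outside the group, a malformed request line, or a failed signature each rejects before anything is executed.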