SecurID add-on
mackay at kodak.com
Thu Sep 21 16:06:22 EDT 2000
From: Scott D. MacKay
Hello all! Ah, yet another mailing list, heh.
I had a question about the SecurID option for SUDO. I found this by
accident when I had installed the ACE client and sudo complained about not
finding a /var/ace/sdconf.rec. Mulling around the examples tree, I saw
there were actually environment variables which affect where it looks for
files, namely VAR_ACE, USR_ACE, CVT_ACE and DLC (at least according to a
script file in that directory). Setting it for where my sdconf.rec is worked
nicely, but I thought "Hey, isn't that a security problem? If someone makes
a remote securid server somewhere and is allowed to point my SUDO lookup
files to it, could they bypass the real authentication?" I did see in the
FAQ about removed variables that a few related to Kerberos are removed and
I thought it may be for this reason.
Should sudo be removing these variables too and setting them according to a
configure parameter?
-Scott
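
The mitigation the post asks about, as an added example (not sudo's code and not part of the original message): drop the four variables named above from the inherited environment, then pin VAR_ACE to a build-time path before any ACE client code reads it. `ACE_DIR`, `scrub_ace_env` and `pin_ace_env` are hypothetical names; `/var/ace` is the default directory mentioned in the post.

```c
#include <stddef.h>
#include <string.h>

/* Variables the post names as steering the ACE client's file lookups. */
static const char *const ace_vars[] = { "VAR_ACE", "USR_ACE", "CVT_ACE", "DLC" };

/* Hypothetical build-time setting; /var/ace is the default path in the post. */
#ifndef ACE_DIR
#define ACE_DIR "/var/ace"
#endif
static char pinned_var_ace[] = "VAR_ACE=" ACE_DIR;

/* True if the entry "NAME=value" has exactly this name (no prefix matches). */
static int entry_has_name(const char *entry, const char *name)
{
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Compact a NULL-terminated envp array in place, dropping every entry for
 * the ACE variables, duplicates included, so a repeated entry cannot
 * survive the scrub. Returns the number of entries dropped. */
size_t scrub_ace_env(char **envp)
{
    size_t dropped = 0;
    char **dst = envp;
    for (char **src = envp; *src != NULL; src++) {
        int drop = 0;
        for (size_t i = 0; i < sizeof(ace_vars) / sizeof(ace_vars[0]); i++)
            if (entry_has_name(*src, ace_vars[i])) drop = 1;
        if (drop) dropped++;
        else *dst++ = *src;
    }
    *dst = NULL;
    return dropped;
}

/* Scrub, then append the pinned VAR_ACE. cap is the array size in slots,
 * counting the terminating NULL. Returns 0 on success, -1 if there is no room. */
int pin_ace_env(char **envp, size_t cap)
{
    size_t n = 0;
    scrub_ace_env(envp);
    while (envp[n] != NULL) n++;
    if (n + 2 > cap) return -1;
    envp[n] = pinned_var_ace;
    envp[n + 1] = NULL;
    return 0;
}
```
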