[sudo-users] Cache password at login?

[Edward Capriolo]

On Wed, Dec 9, 2009 at 9:30 AM, Jamie Beverly <jamie.beverly at yahoo.com> wrote:
>
> On Dec 8, 2009, at 3:29 PM, "Eric S. Johansson" <esj at harvee.org> wrote:
>
> Pepijn Schmitz wrote:
> Hi everyone,
>
> I have a question that I haven't been able to find the answer to on the
> Internet or in the sudo manual: is it possible to cache the password when I
> log in?
>
> I frequently log on to my Ubuntu server to perform some administrative
> tasks. Every time I have to give my password to log in, and then immediately
> give my password again to sudo. It would be nice if the login program, which
> runs as root, could set my sudo timestamp somehow so that if I execute sudo
> immediately after logging in it doesn't have to ask me for my password. Is
> there a way to do this with login / sudo / some other tool?
>
> setup the root account to authenticate via ssh keys.  login as root and bingo.
>
> otoh, I'v always wondered why one can't use ssh keys for authentication for
> sudo.  one login method for all access.
>
> http://pamsshagentauth.sf.net
>
>
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>
>
>
>
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
>

I spend some time setting up a public key in ldap and sudo LDAP solution.

The two systems are somewhat at odd, if you are logging in with a
key_file you probably do not want passwords for sudo, and vice-versa.

I always though it would be nice to enforce two-factor authentication.
For example login request public key and server side password. Or in a
super secure environment three form,
public key+password+one time password.