sudo, pam, ssh and Gnome
TRUCKS, JESSE (AIT)
jt9873 at sbc.com
Tue Sep 3 10:14:48 EDT 2002
This whole idea defeats several layers of security. Why not just log in as
root? If you want this level of privileges on a system without using the
root password, recompile sudo with no timeout for access, setup your user in
the sudoers file with the NOPASSWD option and have your login profile run
"sudo -v" to upgrade your privileges, or just run "sudo -s" to give you a
root shell.
> -----Original Message-----
> From: Aaron Sherman [mailto:ajs at itasoftware.com]
> Sent: Sunday, September 01, 2002 8:56 PM
> To: sudo-workers at sudo.ws
> Subject: sudo, pam, ssh and Gnome
>
>
> I have some questions which touch on the thread from
>
>
> http://www.sudo.ws/pipermail/sudo-workers/2001-November/000177.html
>
> as well as going off in my own direction. The summary is
> this: can sudo
> be made an integral part of UNIX and Linux authentication?
>
> Here's everything I'm thinking about:
>
> pam should use key exchange to authenticate to sudo
>
> Gnome's root authenticator should accept my password if I have sudo
> rights
>
> And now for the science-fiction: login, sshd, etc should have some way
> of allowing me to log in as root using a special password like
> "ajs//moocow" where ajs is my username and moocow is my password.
>
> Thoughts? I think the first could be accomplished with changes to sudo
> alone. The last two would require a new authentication method for pam.
>
>
> ____________________________________________________________
> sudo-workers mailing list <sudo-workers at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-workers
>
More information about the sudo-workers
mailing list