[sudo-workers] Policy Plugins
Todd C. Miller
Todd.Miller at courtesan.com
Fri May 13 12:59:03 MDT 2016
The reason that only a single policy plugin is supported is that
combining multiple disparate security policies in a meaningful way
is hard to do. How would you even analyze such a composite policy?
I don't think multi-factor authentication is a good reason to support
this, that is the job of things like PAM.
What I had been contemplating for a revamped plugin API is adding
approval plugins. These would not grant privileges and could only
be used to deny a command that was allowed by the policy plugin.
Possible uses include:
1. Local time of day restrictions.
2. Explicit approval requirements from a more senior admin, potentially
requiring the senior admin to sign-off on the command via XMPP
or some other method.
More information about the sudo-workers