Date: Fri, 26 Mar 1999 21:46:39 -0500 (EST) From: David Gilbert <dgilbert@velocet.ca> To: Frank Tobin <ftobin@bigfoot.com> Cc: FreeBSD-security Mailing List <freebsd-security@FreeBSD.ORG> Subject: Re: sudo (was Re: Kerberos vs SSH) Message-ID: <14076.18063.704725.905099@trooper.velocet.ca> In-Reply-To: <Pine.BSF.4.10.9903252308080.76901-100000@isr3277.urh.uiuc.edu> References: <Pine.BSF.4.05.9903251642150.23152-100000@kasie.rwsystems.net> <Pine.BSF.4.10.9903252308080.76901-100000@isr3277.urh.uiuc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> "Frank" == Frank Tobin <ftobin@bigfoot.com> writes: Frank> A decent way to get to prevent such attacks is to allow the use Frank> only S/Key one-time passwords when a person sudo's (or even Frank> logs in via any unencrypted means). I'm not sure how this Frank> would be accomplished, but I'd be surprised if it couldn't be Frank> done. I took a stab at forcing this right around the 3.0 release. I found that I couldn't quite force it. There were things in login.conf that sounded like they were meant to do this, but the actual /bin/login program has a lot of code commented out of it. I eventually gave up. Dave. -- ============================================================================ |David Gilbert, Velocet Communications. | Two things can only be | |Mail: dgilbert@velocet.net | equal if and only if they | |http://www.velocet.net/~dgilbert | are precisely opposite. | =========================================================GLO================ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14076.18063.704725.905099>