Date: Mon, 13 Mar 2017 12:34:27 -0500
From: Doug McIntyre <merlyn@geeks.org>
To: Harry Schmalzbauer <freebsd@omnilan.de>
Cc: FreeBSD Questions !!!! <freebsd-questions@freebsd.org>
Subject: Re: sudo alternatives; for the minimalists
Message-ID: <20170313173427.GA83078@geeks.org>
In-Reply-To: <58C6D50B.8030803@omnilan.de>
References: <58C6BDC0.7070307@omnilan.de> <CAByiw%2Bp0cM%2BO-wd8uoo0Kp8BNEiQvrrmQuK858ALAR9bTfJThA@mail.gmail.com> <58C6D50B.8030803@omnilan.de>

On Mon, Mar 13, 2017 at 06:21:15PM +0100, Harry Schmalzbauer wrote:
> Regarding Phil Eaton's message of 13.03.2017 16:48 (localtime):
> > How do you feel about the security/doas port from OpenBSD?
>
> Thanks, most likely worth a look. But it has no credentials caching,
> does it?
> That's my most wanted feature, otherwise I'm still fine with su (no
> classic user privileging needed, only for admin tasks)

I think you are collapsing two features into one with this
requirement, and I'm not sure what you are expecting.

One way to do what I think you are looking for is you can use SSH
public-key auth to PAM authenticate in as root privileges into a server.
E.g. see this discussion thread.
https://forums.freebsd.org/threads/35645/

Another way keychain/SSH is used, is as an ssh-agent (probably likely
of what you are looking for)

I was trying to find a decent web page (i.e. more than a mention of how
to run ssh-agent), but ran across a wrapper that did a bit more with it
for you.
http://www.funtoo.org/index.php?title=Keychain

with links to a better description of ssh-agent and using it, even if
they are a bit dated (i.e. ignore the part about DSA keys altogether).