From owner-freebsd-questions@freebsd.org Tue Mar 14 08:13:00 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1FB97D0B35F for ; Tue, 14 Mar 2017 08:13:00 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [IPv6:2001:8b0:151:1:c4ea:bd49:619b:6cb3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id AA02818D8 for ; Tue, 14 Mar 2017 08:12:59 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from liminal.local (unknown [IPv6:2001:8b0:151:1:1c1d:86a1:a200:b700]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: m.seaman@infracaninophile.co.uk) by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id 49F23E3F1 for ; Tue, 14 Mar 2017 08:12:55 +0000 (UTC) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none header.from=FreeBSD.org Authentication-Results: smtp.infracaninophile.co.uk/49F23E3F1; dkim=none; dkim-atps=neutral Subject: Re: sudo alternatives; for the minimalists To: freebsd-questions@freebsd.org References: <58C6BDC0.7070307@omnilan.de> <58C6D50B.8030803@omnilan.de> <20170313173427.GA83078@geeks.org> <58C6F4D2.1050203@omnilan.de> From: Matthew Seaman Message-ID: Date: Tue, 14 Mar 2017 08:12:50 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <58C6F4D2.1050203@omnilan.de> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="jkMOdaFIHQNW0cSJFuTEl2FO6ilD3nNIs" X-Spam-Status: No, score=-0.4 required=5.0 tests=BAYES_00,RDNS_NONE, SPF_SOFTFAIL autolearn=no autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on smtp.infracaninophile.co.uk X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Mar 2017 08:13:00 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --jkMOdaFIHQNW0cSJFuTEl2FO6ilD3nNIs Content-Type: multipart/mixed; boundary="F4VcTC1OsaHpvoPnIraMlANfc4AQ0MsGR"; protected-headers="v1" From: Matthew Seaman To: freebsd-questions@freebsd.org Message-ID: Subject: Re: sudo alternatives; for the minimalists References: <58C6BDC0.7070307@omnilan.de> <58C6D50B.8030803@omnilan.de> <20170313173427.GA83078@geeks.org> <58C6F4D2.1050203@omnilan.de> In-Reply-To: <58C6F4D2.1050203@omnilan.de> --F4VcTC1OsaHpvoPnIraMlANfc4AQ0MsGR Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 13/03/2017 19:36, Harry Schmalzbauer wrote: > So I'm logged in by pub-key-auth with passphrase from gpg-agent as > regular user =96 convinient so far. >=20 > But now I have to re-type the SuperUser password any time I utilize 'su= > -c', which is often :-( > On MacOS, I just have to do SuperUser privilege authorization once, the= n > sudo doesn't ask on subsequent call. > That's what I'm looking for :-) pam_ssh_agent_auth will let you use your SSH key held in your agent to authenticate with sudo -- you will need to install it, and then configure /usr/local/etc/pam.d/sudo to use it. Cheers, Matthew --F4VcTC1OsaHpvoPnIraMlANfc4AQ0MsGR-- --jkMOdaFIHQNW0cSJFuTEl2FO6ilD3nNIs Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJYx6YHXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATNrwP/RoXQd1S9DXtP0PkFWkkG8Fz SKWyVIFbbEk4Ckih5TJtvZ4nOwqxosA0XuI0+miNU4p611Cko1EAebtKaTAmmeqP 83mWC8BC9du4zWOFOhzbaSL0fzcqy+OtFcruThv9Zhk2PYHDvAzxLhV2596zUBJj s1JvUPPK4JNX5y55KdYaXYRmOOxQdqSuzbBbae/2DatVvGY/Cgm4AxSaB985gM7g FfmDLbgJkNy9bN0qdvQJIuPbclNf1igO654GQl4IfLIAfku4eUSVqwnSADS7f66t 5FRMztdxcwIDE/uQWJ62/LlHQsPUH2a1lOoTJ+eaUEENkkQ7yqd4xj/rCgtaflwU a7SOMfKsxyKgkPnjuEjiSuoSwjRGrTOXKXyNRlvzhm+4dmfarAvJQHh+PWeCx/k7 LqtCBWUPThEIRe+Cd9L4KKLjgRYZUa+dnnmTRW25bayWhcCvmyK9GXYJezArExyK mPyCTFReXsD5YP2tS4aIvYVON0xqlg8MNzFZLRKDgdEIkQrqVyUGZfI2Qqm0OTAV IB+n+BdWUkuYaKpJ2azee9RbXXh4pv9wQ4vMn/o/LI0eBGbnjfct+6H76cozavpC KHANJ0zCPVzeBI/dp4Kio8h1Tz0mETZ1SJSWWcx4ElzPKEmlPL3+1WhhpLPxp1QY CkvoOjd1wUcaab5azY+G =rfZE -----END PGP SIGNATURE----- --jkMOdaFIHQNW0cSJFuTEl2FO6ilD3nNIs--