[33169] in Kerberos
restricting principals to certain commands only (like ssh's "forced
daemon@ATHENA.MIT.EDU (Mikhail T.)
Mon Jan 31 15:50:20 2011
Message-ID: <4D471D9C.1020802@aldan.algebra.com>
Date: Mon, 31 Jan 2011 15:37:48 -0500
From: "Mikhail T." <mi+thun@aldan.algebra.com>
MIME-Version: 1.0
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hello!
We are using Kerberos throughout, but one feature of ssh
"authorized_keys" feels missing...
We'd like to be able to limit principles to only be able to execute
certain commands.
It would seem, that the ~/.k5users file allows that, but that is only
consulted by ksu(1).
How can I allow a certain key to login as myself, but only to execute a
particular command -- not complete shell? Thanks! Yours,
-mi
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
