[33170] in Kerberos
Re: restricting principals to certain commands only (like ssh's
daemon@ATHENA.MIT.EDU (Frank Cusack)
Mon Jan 31 15:58:13 2011
Date: Mon, 31 Jan 2011 12:57:54 -0800
From: Frank Cusack <frank+krb@linetwo.net>
To: "Mikhail T." <mi+thun@aldan.algebra.com>, kerberos@mit.edu
Message-ID: <41B0788609DF5294F13F255F@dhcp-172-19-77-75.mtv.corp.google.com>
In-Reply-To: <4D471D9C.1020802@aldan.algebra.com>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
I recently added this support and will release it shortly.
On 1/31/11 3:37 PM -0500 Mikhail T. wrote:
> Hello!
>
> We are using Kerberos throughout, but one feature of ssh
> "authorized_keys" feels missing...
>
> We'd like to be able to limit principles to only be able to execute
> certain commands.
>
> It would seem, that the ~/.k5users file allows that, but that is only
> consulted by ksu(1).
>
> How can I allow a certain key to login as myself, but only to execute a
> particular command -- not complete shell? Thanks! Yours,
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
