[33172] in Kerberos
Re: restricting principals to certain commands only (like ssh's
daemon@ATHENA.MIT.EDU (mikhail_teterin@timeinc.com)
Mon Jan 31 18:00:02 2011
Message-ID: <4D472790.8060908@timeinc.com>
Date: Mon, 31 Jan 2011 16:20:16 -0500
From: mikhail_teterin@timeinc.com
MIME-Version: 1.0
To: Frank Cusack <frank+krb@linetwo.net>
In-Reply-To: <41B0788609DF5294F13F255F@dhcp-172-19-77-75.mtv.corp.google.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 31.01.2011 15:57, Frank Cusack wrote:
> I recently added this support and will release it shortly.
Thank you, Frank! Will this be an extension to the .k5login syntax, or
something else? Yours,
-mi
> On 1/31/11 3:37 PM -0500 Mikhail T. wrote:
>> Hello!
>>
>> We are using Kerberos throughout, but one feature of ssh
>> "authorized_keys" feels missing...
>>
>> We'd like to be able to limit principles to only be able to execute
>> certain commands.
>>
>> It would seem, that the ~/.k5users file allows that, but that is only
>> consulted by ksu(1).
>>
>> How can I allow a certain key to login as myself, but only to execute a
>> particular command -- not complete shell? Thanks! Yours,
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
