
Re: debian: user-request-daemon (it could solve some problems)



On Fri, Feb 16, 2007 at 08:10:34AM +0000, Anton Piatek wrote:
> I have a feeling you have reinvented the wheel. Sudo can be used without
> a password and can be set on a per-user, per-application basis i.e. give
> user X permission to run Y with/without a password.

Even more flexible, sudo can be configured to use alternate means of
authentication, such as OTP, PKI or a ticket authority, often being
more secure options than reusable passwords when forced to admin a
system via a connection from some untrusted client machine. Also,
while I'm not sure I'd recommend it, sudo's rules (the sudoers file)
can be served to a network of machines from some central authority
such as an NFS export, YP/NIS+ or an LDAP backend. Not to mention,
the design and implementation of sudo has 27 years of historical
review and code audits from which to draw its assurance of security.
-- 
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP(fungi@yuggoth.org); IRC(fungi@irc.yuggoth.org#ccl); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fungi@yuggoth.org);
MUD(fungi@katarsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); }
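
The per-user, per-application rules described in this thread, written out as a sudoers fragment. This is an added example, not part of the original messages; the user `alice`, the group `webops` and the command paths are assumptions chosen for illustration.

```sudoers
# Constructed example: "alice", "webops" and the apache2ctl paths are
# placeholders, not taken from the thread.
# Syntax-check a fragment before relying on it:  visudo -cf <file>

# Too broad: any command, as any user, with no password prompt.
# Shown commented out as the setting to avoid.
# alice   ALL=(ALL) NOPASSWD: ALL

# User X may run Y without a password: one exact command line, as root only.
Cmnd_Alias WEB_RELOAD = /usr/sbin/apache2ctl graceful
alice   ALL=(root) NOPASSWD: WEB_RELOAD

# User X may run Y with a password: group members must authenticate first.
Cmnd_Alias WEB_CHECK = /usr/sbin/apache2ctl configtest
%webops ALL=(root) PASSWD: WEB_CHECK

# Because each rule lists the arguments, sudo matches them exactly:
# "apache2ctl stop" is permitted by neither rule. Use full paths and
# avoid wildcards in passwordless entries.
```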


