Re: debian: user-request-daemon (it could solve some problems)
On Mon, 26 Feb 2007 20:29:59 +0000
The Fungi <fungi@yuggoth.org> wrote:
> On Fri, Feb 16, 2007 at 08:10:34AM +0000, Anton Piatek wrote:
> > I have a feeling you have reinvented the wheel. Sudo can be used
> > without a password and can be set on a per-user, per-application
> > basis i.e. give user X permission to run Y with/without a password.
>
> Even more flexible, sudo can be configured to use alternate means of
> authentication, such as OTP, PKI or a ticket authority, often being
> more secure options than reusable passwords when forced to admin a
> system via a connection from some untrusted client machine. Also,
> while I'm not sure I'd recommend it, sudo's rules (the sudoers file)
> can be served to a network of machines from some central authority
> such as an NFS export, YP/NIS+ or an LDAP backend. Not to mention,
> the design and implementation of sudo has 27 years of historical
> review and code audits from which to draw its assurance of security.
i could never imagine that it is possible to call a command and then
have root rights for it, without authentificating on the system with a
password. so i thought a daemon running as root might solve that problem
(which i thought it does exist) ;-). but since today i can not imagine
how sudo is doing that - it might be very difficult to explain since i
couldn't find an explantion on the net.
so, how is sudo doing this auth-job, even with no
password-verification. how does sudo treat the system?
has anyone an answer to that so i can understand it?
thank you for the participation and help
regards curt
--
make sure that anywhere in your mail the string
'debian' appears. otherwise your message will not
end up in my mailbox!
please cc me, i am not subscribed to the list
Curt Manucredo
curtm2 at yahoo dot de
.''`.
: :' :
`. `'`
`-
proud debian-user
http://www.debian.org
http://blueblended.wordpress.com
http://www.keinverlag.at/autoren.php?autor=2311
Reply to: