sudo alternatives; for the minimalists
Doug McIntyre
merlyn at geeks.org
Mon Mar 13 17:34:36 UTC 2017
On Mon, Mar 13, 2017 at 06:21:15PM +0100, Harry Schmalzbauer wrote:
> Bezüglich Phil Eaton's Nachricht vom 13.03.2017 16:48 (localtime):
> > How do you feel about the security/doas port from OpenBSD?
>
> Thanks, most likely worth a look. But it has no credentials caching,
> does it?
> That's my most wanted feature, otherwise I'm still fine with su (no
> classic user privileging needed, only for admin tasks)
I think you are collapsing two features into one with this requirement,
and I'm not sure what you are expecting.
One way to do what I think you are looking for is you can use SSH
public-key auth to PAM authenticate in as root priviledges into a server.
eg. see this discussion thread.
https://forums.freebsd.org/threads/35645/
Another way keychain/SSH is used, is as an ssh-agent (probably likely
of what you are looking for)
I was trying to find a decent web page (ie. more than a mention
of how to run ssh-agent), but ran across a wrapper that did a bit
more with it for you.
http://www.funtoo.org/index.php?title=Keychain
with links to a better description of ssh-agent and using it, even if
they are a bit dated (ie. ignore the part about DSA keys altogether).
More information about the freebsd-questions
mailing list