sudo alternatives; for the minimalists

Harry Schmalzbauer freebsd at omnilan.de
Mon Mar 13 19:41:57 UTC 2017


Regarding Doug McIntyre's message of 13.03.2017 18:34 (localtime):
> On Mon, Mar 13, 2017 at 06:21:15PM +0100, Harry Schmalzbauer wrote:
>> Regarding Phil Eaton's message of 13.03.2017 16:48 (localtime):
>>> How do you feel about the security/doas port from OpenBSD?
>>
>> Thanks, most likely worth a look. But it has no credentials caching,
>> does it?
>> That's my most wanted feature, otherwise I'm still fine with su (no
>> classic user privileging needed, only for admin tasks)
> 
> I think you are collapsing two features into one with this requirement,
> and I'm not sure what you are expecting.
> 
> One way to do what I think you are looking for is you can use SSH
> public-key auth to PAM authenticate in as root privileges into a server.
> 
> eg. see this discussion thread.
> 
> https://forums.freebsd.org/threads/35645/
> 
> 
> Another way keychain/SSH is used, is as an ssh-agent (probably likely
> of what you are looking for)
> 
> I was trying to find a decent web page (ie. more than a mention
> of how to run ssh-agent), but ran across a wrapper that did a bit
> more with it for you.
> 
> http://www.funtoo.org/index.php?title=Keychain
> 
> with links to a better description of ssh-agent and using it, even if
> they are a bit dated (ie. ignore the part about DSA keys altogether).


Thanks, but I'm really only looking for some kind of "'su -c'-credential
caching".

I'm using gpg-agent ever since which handles my ssh-keys perfectly.  But
of course I'm not logging in as SuperUser, just regular user with
wheel-membership.

So I'm logged in by pub-key-auth with passphrase from gpg-agent as
regular user – convenient so far.

But now I have to re-type the SuperUser password any time I utilize 'su
-c', which is often :-(
On MacOS, I just have to do SuperUser privilege authorization once, then
sudo doesn't ask on subsequent calls.
That's what I'm looking for :-)

Thanks,

-harry

