changing the login password's requirement
Joel
rees at ddcom.co.jp
Wed Apr 20 02:59:00 UTC 2005
On Tue, 19 Apr 2005 14:19:59 -0700
Don Russell <fedora at drussell.dnsalias.com> wrote
> [...]
> However, something I *would like* is a way to log on to one ID but
> specifying the password of another. Sounds crazy....
Not really.
> but here's how it
> works:
>
> logon to user x "by y"
> system prompts for/wants password for user "y"
> correct password is entered, authentication success, log on complete.
>
> User "x" is now logged on with all of user x authority etc, just as if
> user x password was used.
man sudo?
> Then the key part is to authorize who (which y) can actually log on to x.
man /etc/sudoers?
> This is already done on other systems (IBM mainframe VM system) and is
> very helpful in terms of security... no need to ever share the password
> for root (or any other ID).
>
> There is an audit trail showing who logged on to the ID.
yeah
> Of course originally someone has to log on to root to grant the first
> permission... but after that, root never needs to be logged on using
> root's password.
maybe rpm -i sudo, and then visudo?
> By extension, such a mechanism could be applicable to the use of "su -".
> Instead of prompting for root's password, prompt for the current user
> password, then see if that user is authorized to log on to root.
>
> You could get away with not prompting, taking the approach that the user
> already logged on, but the prompt is still a good idea in case user y
> steps away and a new guy secretly uses "su -"...
So, why don't you like sudo?
--
Joel Rees <rees at ddcom.co.jp>
digitcom, inc. 株式会社デジコム
Kobe, Japan +81-78-672-8800
** <http://www.ddcom.co.jp> **
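
The arrangement discussed in this thread, written as a fragment for /etc/sudoers. This is an added example, not part of the original message: x and y are the placeholder accounts from the quoted post, and the admins group and the log file path are assumptions.

```sudoers
# Constructed example. Edit only through visudo so a syntax error cannot
# lock everyone out of sudo.

# The "which y" authorization list: accounts allowed to act as x.
User_Alias   X_OPERATORS = y

# The target identity.
Runas_Alias  X_ID = x

# sudo asks for the invoking user's own password by default. Stating it
# explicitly guards against a global targetpw/rootpw setting elsewhere,
# so neither x's nor root's password is ever requested or shared.
Defaults:X_OPERATORS  !targetpw, !rootpw

# Prompt on every invocation instead of reusing a cached credential,
# covering the case where y steps away from a logged-in terminal.
Defaults:X_OPERATORS  timestamp_timeout=0

# Audit trail: each entry records the invoking user, the target user,
# the terminal and the command (in addition to the syslog record).
Defaults  logfile=/var/log/sudo.log

# y may run any command as x after entering y's own password.
X_OPERATORS  ALL = (X_ID) ALL

# The "su -" variant from the post: members of the (hypothetical) admins
# group become root with their own password, never root's.
%admins  ALL = (root) ALL
```

With this in place, y opens a login shell as x with `sudo -u x -i` and is prompted for y's password; `visudo -c` checks the file for syntax errors before it takes effect.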