changing the login password's requirement

Joel rees at ddcom.co.jp
Wed Apr 20 02:59:00 UTC 2005


On Tue, 19 Apr 2005 14:19:59 -0700
Don Russell <fedora at drussell.dnsalias.com> wrote

> [...]
> However, something I *would like* is a way to log on to one ID but 
> specifying the password of another. Sounds crazy....

Not really.

> but here's how it 
> works:
> 
> logon to user x "by y"
> system prompts for/wants password for user "y"
> correct password is entered, authentication success, log on complete.
> 
> User "x" is now logged on with all of user x authority etc, just as if 
> user x password was used.

man sudo?

> Then the key part is to authorize who (which y) can actually log on to x.

man /etc/sudoers?

> This is already done on other systems (IBM mainframe VM system) and is 
> very helpful in terms of security... no need to ever share the password 
> for root (or any other ID).
> 
> There is an audit trail showing who logged on to the ID.

yeah

> Of course originally someone has to log on to root to grant the first 
> permission... but after that, root never needs to be logged on using 
> root's password.

maybe rpm -i sudo, and then visudo?

> By extension, such a mechanism could be applicable to the use of "su -". 
> Instead of prompting for root's password, prompt for the current user 
> password, then see if that user is authorized to log on to root.
> 
> You could get away with not prompting, taking the approach that the user 
> already logged on, but the prompt is still a good idea in case user y 
> steps away and a new guy secretly uses "su -"...

So, why don't you like sudo?


--
Joel Rees   <rees at ddcom.co.jp>
digitcom, inc.   株式会社デジコム
Kobe, Japan   +81-78-672-8800
** <http://www.ddcom.co.jp> **
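
The arrangement discussed in this message, written as a sudoers fragment. This is an added example, not part of the original post; the account names x and y are taken from the quoted message, and the alias name and log file path are assumptions.

```sudoers
# Add with visudo so that syntax errors are caught before the file is saved.
# Constructed example: "x" is the target account, "y" is the person
# allowed to become it.

# The list of "which y" may log on to x (alias name is hypothetical).
User_Alias  X_OPERATORS = y

# Prompt for the invoking user's own password, never the target's or root's,
# so the password for x (or root) does not have to be shared.
Defaults    !targetpw, !rootpw

# Re-prompt on every invocation, so a terminal left unattended by y
# cannot be reused without y's password.
Defaults:X_OPERATORS  timestamp_timeout=0

# Audit trail of who ran what as whom. The path is an assumption;
# sudo also logs through syslog by default.
Defaults    logfile=/var/log/sudo.log

# y may run any command as x, including a login shell:  sudo -u x -i
X_OPERATORS ALL = (x) ALL

# The same idea applied to root, in place of "su -":  sudo -i
# X_OPERATORS ALL = (root) ALL
```

With this in place, `sudo -l` run as y lists what y is permitted to do, and each use is recorded under y's name rather than x's.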



