Using libpam-ssh-agent-auth for sudo authentication

sudo, is a mechanism for unprivileged user to gain privileged accesses. It’s much better than giving out root password to allow users to do su, but still requires trade off between security and convenience:

  • On some personal systems like Ubuntu, it is so configured that normal user can use sudo for any command without specifying their passwords. It’s very convenient, but serious system administrators will shake their heads when asked to put the same mechanism within their systems.
  • That’s why for security reasons, normal *nix system will enforce that the sudo users to key in their passwords each time they use sudo. This is secure however inconvenient.

That’s the trade-off/dilemma of using sudo. Are there other mechanisms to make sure the sudo users are actually who they are, yet they don’t need to key in their passwords each time they use sudo?

Read on at https://sfxpt.wordpress.com/libpam-ssh-agent-auth/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s