torriem at gmail.com
Mon Apr 7 13:04:18 MDT 2008
Jon Jensen wrote:
> On Mon, 7 Apr 2008, Andrew Jorgensen wrote:
>> Seriously though I'm surprised at the negative tone regarding this
>> feature. I love it. One less password to remember.
> For me the suboptimal thing about sudo is lack of ssh key authentication
> support. I connect to dozens of servers without using (or even knowing)
> the passwords. And sudo isn't useful if you don't use passwords.
> If ssh key authentication support were integrated with sudo, it would be
> very nice.
The real solution (but this is hard to get right) is to use Kerberos.
Kerberos tickets can be forwarded from machine to machine as you ssh,
and you can use them to grant yourself root access with the ksu command.
Of course sudo should itself be Kerberos-aware too. In the sudoers
file, for example, we could require a specific Kerberos ticket to allow
a user to become root.