.k5login and only allow rcp

eichin-krb@thok.org eichin-krb at thok.org
Sun Jun 16 17:17:37 EDT 2002


> Yes.  Write a shell that only allows the user to run rcp.

Or use kerberized ssh, and the command= option in the authorized keys
file (see the sshd manpage.)  There are other things you need to do
along with it (read the man page in detail), and it may not be enough
[you may have to have a constant argument string, though that may not
be a bad thing - the example in the man page uses "dump" with fixed
arguments] but it is a possible shortcut.

(Adding ksu's .k5users feature to kshd might be a wishlist item, but
it isn't there now.)



More information about the Kerberos mailing list