.k5login and only allow rcp

Turbo Fredriksson turbo at bayour.com
Fri Jun 21 03:42:21 EDT 2002


>>>>> "Ken" == Ken Grady <klg at lanl.gov> writes:

    Ken>     Try the .k5user to specify what an account can run

I've been playing around with this. The content of .k5users:

        tuzjfi:~# cat .k5users
        turbo at BAYOUR.com /bin/ls

Previously I had a '.k5login' with the content 'turbo at BAYOUR.COM', and
doing a 'ksu' worked fine...

Trying to execute

        ksu root -n turbo at BAYOUR.COM -e /bin/ls -a /

I get:

        Authenticated turbo at BAYOUR.COM
        ksu[3081]: 'ksu root' authenticated turbo at BAYOUR.COM for turbo on /dev/tty3
        Account root: authorization for turbo at BAYOUR.COM for execution of /bin/ls failed
        ksu[3081]: Account root: authorization for turbo at BAYOUR.COM for execution of /bin/ls failed


    Ken> Turbo Fredriksson wrote:

    >> I could not get AFBackup to work with multiple hosts, so I
    >> wrote a little shellscript that uploads a tarball to the
    >> backupserver.
    >> 
    >> Using the user 'backup', I have managed to upload the files
    >> ok. But the user can also LOGIN to the backupserver. I'd
    >> prefer not to allow this. Is there some way to restrict (via
    >> .k5login or other way) logins and only allow rcp?
    >> 




-- 
Peking cryptographic assassination Cocaine CIA Albanian KGB
counter-intelligence explosion strategic Ortega iodine Serbian bomb
congress
[See http://www.aclu.org/echelonwatch/index.html for more about this]
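
Added example, not part of the original post and not ksu's own code: a simplified model of a .k5users lookup that checks a requesting principal and command against the file. Kerberos principal names, realm included, are compared case-sensitively, and the lines in the post differ in the realm's case (BAYOUR.com in .k5users, BAYOUR.COM on the ksu command line). Assumptions: principals are written with '@' (the archive renders it as " at "), only full-path commands and '*' are modelled, and the function names are hypothetical.

```python
# Added example: a simplified model of a .k5users lookup, not ksu's own code.
# Assumptions: principals written with '@'; only full-path commands and '*'.

# Constructed from the .k5users line shown in the post.
SAMPLE_K5USERS = "turbo@BAYOUR.com /bin/ls\n"


def parse_k5users(text):
    """Map each principal to the list of commands that follow it on its line."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if fields:
            entries.setdefault(fields[0], []).extend(fields[1:])
    return entries


def authorize(entries, principal, command):
    """Return (allowed, reason) for `principal` asking to run `command`."""
    if principal not in entries:  # exact match: principals are case-sensitive
        for known in entries:
            if known.lower() == principal.lower():
                return False, f"{known} differs from {principal} only in case"
        return False, f"no entry for {principal}"
    commands = entries[principal]
    if "*" in commands or command in commands:
        return True, f"{command} is listed for {principal}"
    return False, f"{command} is not listed for {principal}"


if __name__ == "__main__":
    entries = parse_k5users(SAMPLE_K5USERS)
    requests = [
        ("turbo@BAYOUR.COM", "/bin/ls"),  # principal from the ksu command line
        ("turbo@BAYOUR.com", "/bin/ls"),  # principal exactly as in the file
        ("turbo@BAYOUR.com", "/bin/sh"),  # command that is not listed
    ]
    for principal, command in requests:
        print(principal, command, authorize(entries, principal, command))
```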


