restricting principals to certain commands only (like ssh's "forced command")

Mikhail T. mi+thun at
Mon Jan 31 15:37:48 EST 2011


We are using Kerberos throughout, but one feature of ssh 
"authorized_keys" feels missing...

We'd like to be able to limit principles to only be able to execute 
certain commands.

It would seem, that the ~/.k5users file allows that, but that is only 
consulted by ksu(1).

How can I allow a certain key to login as myself, but only to execute a 
particular command -- not complete shell? Thanks! Yours,


More information about the Kerberos mailing list