restricting principals to certain commands only (like ssh's "forced command")

Frank Cusack frank+krb at linetwo.net
Mon Jan 31 15:57:54 EST 2011


I recently added this support and will release it shortly.

On 1/31/11 3:37 PM -0500 Mikhail T. wrote:
> Hello!
>
> We are using Kerberos throughout, but one feature of ssh
> "authorized_keys" feels missing...
>
> We'd like to be able to limit principles to only be able to execute
> certain commands.
>
> It would seem, that the ~/.k5users file allows that, but that is only
> consulted by ksu(1).
>
> How can I allow a certain key to login as myself, but only to execute a
> particular command -- not complete shell? Thanks! Yours,





More information about the Kerberos mailing list