restricting principals to certain commands only (like ssh's "forced command")

Frank Cusack frank+krb at
Mon Jan 31 15:57:54 EST 2011

I recently added this support and will release it shortly.

On 1/31/11 3:37 PM -0500 Mikhail T. wrote:
> Hello!
> We are using Kerberos throughout, but one feature of ssh
> "authorized_keys" feels missing...
> We'd like to be able to limit principles to only be able to execute
> certain commands.
> It would seem, that the ~/.k5users file allows that, but that is only
> consulted by ksu(1).
> How can I allow a certain key to login as myself, but only to execute a
> particular command -- not complete shell? Thanks! Yours,

More information about the Kerberos mailing list