restricting principals to certain commands only (like ssh's "forced command")
mikhail_teterin at timeinc.com
Mon Jan 31 16:20:16 EST 2011
On 31.01.2011 15:57, Frank Cusack wrote:
> I recently added this support and will release it shortly.
Thank you, Frank! Will this be an extension to the .k5login syntax, or
something else? Yours,
> On 1/31/11 3:37 PM -0500 Mikhail T. wrote:
>> We are using Kerberos throughout, but one feature of ssh
>> "authorized_keys" feels missing...
>> We'd like to be able to limit principles to only be able to execute
>> certain commands.
>> It would seem, that the ~/.k5users file allows that, but that is only
>> consulted by ksu(1).
>> How can I allow a certain key to login as myself, but only to execute a
>> particular command -- not complete shell? Thanks! Yours,
More information about the Kerberos