restricting principals to certain commands only (like ssh's "forced command") mikhail_teterin at
Mon Jan 31 16:20:16 EST 2011

On 31.01.2011 15:57, Frank Cusack wrote:
> I recently added this support and will release it shortly.
Thank you, Frank! Will this be an extension to the .k5login syntax, or 
something else? Yours,


> On 1/31/11 3:37 PM -0500 Mikhail T. wrote:
>> Hello!
>> We are using Kerberos throughout, but one feature of ssh
>> "authorized_keys" feels missing...
>> We'd like to be able to limit principles to only be able to execute
>> certain commands.
>> It would seem, that the ~/.k5users file allows that, but that is only
>> consulted by ksu(1).
>> How can I allow a certain key to login as myself, but only to execute a
>> particular command -- not complete shell? Thanks! Yours,

More information about the Kerberos mailing list