List: sudo-users
Subject: [sudo-users] Avoid to input the password twice at login time
From: Daniele Palumbo <daniele () retaggio ! net>
Date: 2022-09-13 22:15:38
Message-ID: 4FF6E339-CC3E-4F5A-BC84-25AA7E078C76 () retaggio ! net
Hi,
We are in a scenario where the company would require (setting taken from CIS) to always use the `authenticate` option for humans.
At the same time, `timestamp_timeout` is allowed.
As a use case, this makes sense if someone always prepends sudo when an admin command must be executed (let's say, "Ubuntu style").
I wish to configure the OS (speaking of Linux, hopefully this works for other OSes) as follows:
1) Who is logging in via ssh keys (not a password, not controllable) will be required to input the password after the login,
2) Who is logging in via password (e.g. LDAP, local user) will have the password cached.
Is it doable as of today?
If not, could it make sense to have a sudo pam module which checks if a password has been used (this is known by pam) and if so stores it in the sudo cache?
Thank you very much,
Daniel