Fw: ACL problems, any suggestions would be great
From: ALERT (Alert_at_sifycorp.com)
To: <email@example.com>, <firstname.lastname@example.org>
Date: Thu, 12 Aug 2004 10:47:37 +0530
Can anybody help me in this matter?
Is there any way to authenticate one user through key and another user
----- Original Message -----
From: "Robert Hajime Lanning" <email@example.com>
Sent: Thursday, August 12, 2004 6:12 AM
Subject: Re: ACL problems, any suggestions would be great
> For authentication you can look into:
> RhostsRSAAuthentication yes
> HostbasedAuthentication yes
> As for restricting to execution of a single command, I don't think
> OpenSSH can do it.
> I think the commercial SSH from http://www.ssh.com/ can.
> On Tue, 10 Aug 2004 13:57:35 -0400 (EDT), Bryan Loniewski
> <firstname.lastname@example.org> wrote:
> > Here is what we'd like to do:
> > User logs into some machine (frontend) starts pine, pine ssh's to
> > (backend) where their mail is actually stored in Maildir format and exec
> > We want to do this without the user having to enter a password again on
> > machine.
> > Here are the problems:
> > We don't want to use public-key.
> > We don't want these users (the ones typing pine) to be allowed to log in to the remote
> > machine (backend).
> > We don't want them to be allowed to execute any commands on the remote machine (with the
> > exception of "exec /etc/rimapd").
> > I could not come up with a solution to solve this problem with openssh. I started looking
> > for other open implementations of secure shell and lsh caught my eye. Lsh appealed to me
> > because you could specify a login shell for all users that would override the login shell
> > in the passwd db (this was perfect since we could then create a shell called rimapd and
> > it just executed /etc/rimapd). The reason I could not go with this solution is lsh
> > does not have trusted host authentication mechanisms, so there was no way to have
> > passwordless logins.
> > Any suggestions?
> > Thanks.
> > Bryan
> END OF LINE
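
Added example, not part of any message in this thread: one way to express the three requirements above (no password prompt, no interactive login, only /etc/rimapd) in sshd_config on the backend. It assumes an OpenSSH release that supports the Match and ForceCommand keywords; the group name "pineusers" is hypothetical.

```sshdconfig
# /etc/ssh/sshd_config on backend (added example; "pineusers" is a
# hypothetical group holding the accounts that run pine on frontend)

# Trust the frontend's host key instead of a per-user password or key.
# frontend must be listed in /etc/ssh/shosts.equiv, and its public host
# key must be in /etc/ssh/ssh_known_hosts.
HostbasedAuthentication yes

# Do not let users extend the trust themselves via ~/.rhosts or ~/.shosts.
IgnoreRhosts yes

Match Group pineusers
    # Host-based authentication is the only method left for these accounts.
    PasswordAuthentication no
    PubkeyAuthentication no

    # Whatever command the client requests, run only the IMAP daemon.
    ForceCommand /etc/rimapd

    # Close the other uses of the session.
    PermitTTY no
    AllowTcpForwarding no
    X11Forwarding no
    AllowAgentForwarding no

# On frontend, /etc/ssh/ssh_config needs:
#     HostbasedAuthentication yes
#     EnableSSHKeysign yes
```

With host-based authentication the backend accepts whatever user name the frontend asserts, so root on the frontend can act as any member of the group; ForceCommand is what keeps that limited to /etc/rimapd.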