Fw: ACL problems, any suggestions would be great
From: ALERT (Alert_at_sifycorp.com)
Date: 08/12/04
- Previous message: Greg Wooledge: "Re: ACL problems, any suggestions would be great"
- Maybe in reply to: Bryan Loniewski: "ACL problems, any suggestions would be great"
- Next in thread: Turner, Carl H [NTK]: "RE: ACL problems, any suggestions would be great"
To: <robert.lanning@gmail.com>, <secureshell@securityfocus.com>
Date: Thu, 12 Aug 2004 10:47:37 +0530
Can anybody help me in this matter?
Is there any way to authenticate one user through key and another user
through password?
Any suggestions?
Regds,
Pravin
----- Original Message -----
From: "Robert Hajime Lanning" <robert.lanning@gmail.com>
To: <secureshell@securityfocus.com>
Sent: Thursday, August 12, 2004 6:12 AM
Subject: Re: ACL problems, any suggestions would be great
> For authentication you can look into:
>
> RhostsRSAAuthentication yes
> HostbasedAuthentication yes
>
> As for restricting to execution of a single command, I don't think
> OpenSSH can do it.
> I think the commercial SSH from http://www.ssh.com/ can.
>
> On Tue, 10 Aug 2004 13:57:35 -0400 (EDT), Bryan Loniewski
> <brylon@jla.rutgers.edu> wrote:
> >
> > Here is what we'd like to do:
> >
> > User logs into some machine (frontend) starts pine, pine ssh's to another machine
> > (backend) where their mail is actually stored in Maildir format and exec /etc/rimapd.
> > We want to do this without the user having to enter a password again on the backend
> > machine.
> >
> > Here are the problems:
> >
> > We don't want to use public-key.
> > We don't want these users (the ones typing pine) to be allowed to login to the remote
> > machine (backend).
> > We don't want them to be allowed to execute any commands on the remote machine (with the
> > exception of "exec /etc/rimapd").
> >
> > I could not come up with a solution to solve this problem with openssh. I started looking
> > for other open implementations of secure shell and lsh caught my eye. Lsh appealed to me
> > because you could specify a login shell for all users that would override the login shell
> > in the passwd db (this was perfect since we could then create a shell called rimapd and
> > it just executed /etc/rimapd). The reason I could not go with this solution is lsh
> > does not have trusted host authentication mechanisms, so there was no way to have
> > passwordless logins.
> >
> > Any suggestions?
> >
> > Thanks.
> >
> > Bryan
> >
>
>
> --
> END OF LINE
> -MCP
>
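
Added example, not part of the original thread: an `sshd_config` sketch for the two questions above (one user authenticated by key and another by password; passwordless, single-command access from the frontend without per-user public keys). It assumes a current OpenSSH server with `Match` and `ForceCommand` support; the user names, the group name and the frontend address are hypothetical.

```conf
# /etc/ssh/sshd_config on the backend (constructed example).
# alice, bob, mailusers and 192.0.2.10 are hypothetical placeholders.

# Global defaults: every method off, so an account that matches no
# block below cannot authenticate at all.
PubkeyAuthentication no
PasswordAuthentication no
KbdInteractiveAuthentication no
HostbasedAuthentication no

# One user authenticates by key only.
Match User alice
    PubkeyAuthentication yes
    AuthenticationMethods publickey

# Another user authenticates by password only.
Match User bob
    PasswordAuthentication yes
    AuthenticationMethods password

# Mail users arriving from the frontend: host-based authentication
# (no password prompt, no per-user key), pinned to one command.
# Prerequisites outside this file:
#   - the frontend's host key in /etc/ssh/ssh_known_hosts
#   - the frontend's host name in /etc/ssh/shosts.equiv
#   - on the frontend, in ssh_config: HostbasedAuthentication yes
#     and EnableSSHKeysign yes
# Host-based authentication trusts the frontend's claim about which
# user is connecting, so the backend is only as strong as root on
# the frontend.
Match Group mailusers Address 192.0.2.10
    HostbasedAuthentication yes
    AuthenticationMethods hostbased
    # Runs instead of whatever command the client requests.
    ForceCommand /etc/rimapd
    PermitTTY no
    AllowTcpForwarding no
    X11Forwarding no
```

Running `sshd -T -C user=alice,host=frontend.example,addr=192.0.2.10` (the host name is a placeholder) prints the effective settings for that connection, which shows which block applies before the daemon is reloaded.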