Use of non-user readable (null password) private keys
mouring at etoh.eviladmin.org
Wed Mar 28 03:48:51 EST 2001
On Tue, 27 Mar 2001, Piete Brooks wrote:
> > Example:
> ...
> > Security has now been compromised.
>
> Sure -- I can see how having user private keys readable is not a good idea.
>
> What I want is the *ABILITY* to have public `capabilities' which can perform a
> fixed operation (e.g. prod a server) which is `harmless'.
>
It really sounds like you want the extended filesystem ACLs provided by
most commercial UNIX filesystems. That would skirt the whole 'this
key is globally public' issue by granting extended rights for a limited
number of users to use the key.
For Solaris look at:
man getfacl
man setfacl
- Ben
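
Added example, not part of the original message: once an ACL has been set on a key file, its getfacl-style listing can be audited to confirm that only the intended users can read it. The sample listing, the user and group names, and the allow-list are constructed for illustration.

```python
# Added example: audit a key file's ACL from getfacl-style text.
# SAMPLE_ACL, the user/group names and the allow-list are constructed.
SAMPLE_ACL = """\
# file: prod_key
# owner: keyowner
# group: staff
user::rw-
user:alice:r--
user:bob:rw-\t#effective:r--
group::---
group:ops:r--
mask::r--
other::---
"""

def parse_acl(text):
    """Return (tag, qualifier, perms) for each ACL entry line."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop headers and "#effective" notes
        if line:
            tag, qualifier, perms = line.split(":")[:3]
            entries.append((tag, qualifier, perms[:3]))
    return entries

def effective(perms, mask):
    """Apply the mask entry: a bit survives only if the mask also grants it."""
    return "".join(p if m != "-" else "-" for p, m in zip(perms, mask))

def audit(text, allowed_readers):
    """Return (readers, findings) for one file's ACL."""
    entries = parse_acl(text)
    mask = next((p for t, _, p in entries if t == "mask"), "rwx")
    readers, findings = set(), []
    for tag, qualifier, perms in entries:
        if tag == "other":
            if perms != "---":
                findings.append("other has " + perms)
        elif tag in ("user", "group") and (tag, qualifier) != ("user", ""):
            eff = effective(perms, mask)  # the owner entry is never masked; skipped here
            name = f"{tag}:{qualifier}"
            if "r" in eff:
                readers.add(name)
                if name not in allowed_readers:
                    findings.append("unexpected reader " + name)
            if "w" in eff or "x" in eff:
                findings.append(f"{name} has {eff}")
    return readers, findings

if __name__ == "__main__":
    print(audit(SAMPLE_ACL, {"user:alice", "group:ops"}))
```

In the sample, bob's rw- entry is cut down to r-- by the mask, so he is reported as an unexpected reader rather than as a writer.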
More information about the openssh-unix-dev
mailing list