On 06/17/2016 02:20 PM, Rich Braun wrote:
> I often wish sudo had functionality similar to ssh-agent: a way to require a
> token established at session start, rather than a password entered every time.

That is certainly possible to configure:

man sudo:
     Security policies may support credential caching to allow the user to
     run sudo again for a period of time without requiring authentication.
     The sudoers policy caches credentials for 5 minutes, unless overridden
     in sudoers(5).  By running sudo with the -v option, a user can update
     the cached credentials without running a command.

man sudoers:
     sudoers uses per-user time stamp files for credential caching.  Once a
     user has been authenticated, a record is written containing the uid
     that was used to authenticate, the terminal session ID, and a time
     stamp (using a monotonic clock if one is available).  The user may then
     use sudo without a password for a short period of time (5 minutes
     unless overridden by the timeout option).  By default, sudoers uses a
     separate record for each tty, which means that a user's login sessions
     are authenticated separately.  The tty_tickets option can be disabled
     to force the use of a single time stamp for all of a user's sessions.

_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
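
An added example, not part of the original message or of sudo itself: a small check that reads a sudoers-format file and reports the credential-caching settings the man pages above describe. It assumes the "timeout option" is the sudoers `timestamp_timeout` setting and reads only global `Defaults` lines; the sample file is constructed.

```shell
#!/bin/sh
# Added example: report sudo credential-caching settings from a sudoers file.
# Assumption: only global "Defaults" lines are read; scoped forms such as
# Defaults:user or Defaults@host and #include files are ignored.

audit_sudo_cache() {
    # $1 = path to a sudoers-format file
    awk '
        BEGIN { timeout = 5; tty = 1 }   # defaults stated in the quoted man pages
        /^[ \t]*#/ { next }              # skip comment lines
        $1 == "Defaults" {
            line = $0
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                o = opts[i]
                gsub(/[ \t]/, "", o)
                if (o ~ /^timestamp_timeout=/) { sub(/^[^=]*=/, "", o); timeout = o + 0 }
                else if (o == "tty_tickets")   tty = 1
                else if (o == "!tty_tickets")  tty = 0
            }
        }
        END {
            printf "timestamp_timeout=%s tty_tickets=%s\n", timeout, (tty ? "on" : "off")
            if (timeout < 0)      print "WARN: negative timeout, time stamp does not expire until reboot"
            else if (timeout > 5) print "WARN: cache window longer than the 5 minute default"
            if (!tty)             print "WARN: one time stamp shared by all sessions of the user"
        }
    ' "$1"
}

# Constructed sample input (not taken from the original message).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Defaults env_reset
Defaults timestamp_timeout=30, !tty_tickets
EOF
audit_sudo_cache "$sample"
rm -f "$sample"
```

Lengthening the timeout or disabling `tty_tickets` widens the window in which any process running as the user on any terminal can reuse the cached authentication, which is why the check flags both.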
