>>>>> "Ken" == Ken Grady <[EMAIL PROTECTED]> writes:
Ken> Try the .k5user to specify what an account can run
I've been playing around with this. The content of .k5users:
tuzjfi:~# cat .k5users
[EMAIL PROTECTED] /bin/ls
Previously I had a '.k5login' with the content '[EMAIL PROTECTED]', and
doing a 'ksu' worked fine...
Trying to execute
ksu root -n [EMAIL PROTECTED] -e /bin/ls -a /
I get:
Authenticated [EMAIL PROTECTED]
ksu[3081]: 'ksu root' authenticated [EMAIL PROTECTED] for turbo on /dev/tty3
Account root: authorization for [EMAIL PROTECTED] for execution of /bin/ls
failed
ksu[3081]: Account root: authorization for [EMAIL PROTECTED] for execution of
/bin/ls failed
Ken> Turbo Fredriksson wrote:
>> I could not get AFBackup to work with multiple hosts, so I
>> wrote a little shellscript that uploads a tarball to the
>> backupserver.
>>
>> Using the user 'backup', I have managed to upload the files
>> ok. But the user can also LOGIN to the backupserver. I'd
>> prefere not to allow this. Is there some way to restrict (via
>> .k5login or other way) logins and only allow rcp?
>>
--
Peking cryptographic assassination Cocaine CIA Albanian KGB
counter-intelligence explosion strategic Ortega iodine Serbian bomb
congress
[See http://www.aclu.org/echelonwatch/index.html for more about this]
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
