I would like this. It has my OK for what it is worth here.
On 8 Dec 2015 11:41 am, "Stuart Henderson" wrote:
> On 2015/11/25 00:14, Stuart Henderson wrote:
> > On 2015/11/24 11:24, Richard Johnson wrote:
> > > We use 2-factor authn for sudo & doas, as well as for most logins.
Stuart Henderson wrote:
> >
> > Personally my take on this is that as long as it's just done as -a
> > then it's small and simple to implement (pass a string from args to
> > auth_userokay), and there's no other way to provide access to this which
> > is an important, though lesser-known, part of
On 2015/11/25 00:14, Stuart Henderson wrote:
> On 2015/11/24 11:24, Richard Johnson wrote:
> > We use 2-factor authn for sudo & doas, as well as for most logins.
> > Presently, we transport Yubikey and other HOTP strings across RADIUS to an
> > otpd authserver
>
> Interesting...is that a fork of
On 2015-08-27 11:16, Theo de Raadt wrote:
How many users of that functionality will there be?
We only need to concern ourselves with the cost; you have to justify
the benefit. How many people were doing this with sudo, and how many
will need this with doas?
My current model is to use my
security model.
How many users of that functionality will there be?
We only need to concern ourselves with the cost; you have to justify
the benefit. How many people were doing this with sudo, and how many
will need this with doas?
While I understand it's a good idea to limit
On 27/08/15 19:08, Theo de Raadt wrote:
doas is a one of the few setuid programs. It should try to do a
little bit less functionality, because doing less is part of the
security model.
How many users of that functionality will there be?
We only need to concern ourselves with the cost; you
Renaud Allard wrote:
On 08/26/2015 06:39 PM, Michael Reed wrote:
Hi Renauld,
On 08/26/15 09:38, Renaud Allard wrote:
I rewrote a little bit the patch to remove a small kind-of typo in the
manpage and remove too long lines.
So with this patch, you add the user the right to choose the
On 27/08/15 19:30, Theo de Raadt wrote:
security model.
How many users of that functionality will there be?
We only need to concern ourselves with the cost; you have to justify
the benefit. How many people were doing this with sudo, and how many
will need this with doas?
While I
Sorry, I think adding an option is too much. I just committed halex's o=
riginal
diff to only change the type. I thought he was going to do that by now.=
Hi Ted,
The thing is, my patch doesn't do the same thing at all as the one which
adds auth-doas. My patch lets the user choose
On 27/08/15 18:32, Ted Unangst wrote:
Sorry, I think adding an option is too much. I just committed halex's original
diff to only change the type. I thought he was going to do that by now.
Hi Ted,
The thing is, my patch doesn't do the same thing at all as the one which
adds auth-doas.
On Thu, Aug 27, 2015 at 1:09 PM Theo de Raadt dera...@cvs.openbsd.org
wrote:
Sorry, I think adding an option is too much. I just committed halex's
o=
riginal
diff to only change the type. I thought he was going to do that by
now.=
Hi Ted,
The thing is, my patch doesn't do
How many users of that functionality will there be?
We only need to concern ourselves with the cost; you have to justify
the benefit. How many people were doing this with sudo, and how many
will need this with doas?
My current model is to use my yubikey when sudo'ing. Occasionally
Renaud Allard wrote:
On 27/08/15 18:32, Ted Unangst wrote:
Sorry, I think adding an option is too much. I just committed halex's
original
diff to only change the type. I thought he was going to do that by now.
Hi Ted,
The thing is, my patch doesn't do the same thing at all
On 27/08/15 21:18, Ted Unangst wrote:
Renaud Allard wrote:
I understand the difference, but we are opposed to adding new options unless a
majority of users are expected to use them.
OK, I can understand. However, it doesn't do anything normal auth can't
do, except giving the user a choice
On August 27, 2015 6:32:31 PM GMT+02:00, Ted Unangst t...@tedunangst.com
wrote:
Renaud Allard wrote:
On 08/26/2015 06:39 PM, Michael Reed wrote:
Hi Renauld,
On 08/26/15 09:38, Renaud Allard wrote:
I rewrote a little bit the patch to remove a small kind-of typo in
the manpage and remove
On 08/26/2015 06:39 PM, Michael Reed wrote:
Hi Renauld,
On 08/26/15 09:38, Renaud Allard wrote:
I rewrote a little bit the patch to remove a small kind-of typo in the manpage
and remove too long lines.
So with this patch, you add the user the right to choose the authentication
style and
Hi Renauld,
On 08/26/15 09:38, Renaud Allard wrote:
I rewrote a little bit the patch to remove a small kind-of typo in the
manpage and remove too long lines.
So with this patch, you add the user the right to choose the authentication
style and administratively, in login.conf, you can
I rewrote a little bit the patch to remove a small kind-of typo in the
manpage and remove too long lines.
So with this patch, you add the user the right to choose the
authentication style and administratively, in login.conf, you can
restrict it.
Any comments? OK?
Index: doas.1
18 matches
Mail list logo