Re: draft minutes from meeting at ietf50..

To: <ietf-ssh%netbsd.org@localhost>
Subject: Re: draft minutes from meeting at ietf50..
From: Tom Holroyd <tomh%po.crl.go.jp@localhost>
Date: Mon, 23 Apr 2001 16:22:08 +0900 (JST)

On Mon, 23 Apr 2001, Markus Friedl wrote:

> this does not fork for 'interactive shell sessions', e.g. if i
> login in and type 'su'. the authentication used in the ssh connection
> is not relevant.

True (I believe I mentioned that in the part of my post you didn't quote).
So, a) don't do that, use ssh -l root, or b) is there any way to re-write
"su" so that it connects back to the ssh client machine to request
authentication?  Can su be rewritten to use the ssh-agent?  Do the ssh
protocols allow "sideband" control channels that could be opened from the
remote end?  I like a), plus setting "su" to fail for network users.  But
some of b) has interesting possibilities.

Follow-Ups:
- Re: draft minutes from meeting at ietf50..
  - From: Niels Möller

References:
- Re: draft minutes from meeting at ietf50..
  - From: Markus Friedl

Prev by Date: Re: draft minutes from meeting at ietf50..
Next by Date: Re: draft minutes from meeting at ietf50..
Previous by Thread: Re: draft minutes from meeting at ietf50..
Next by Thread: Re: draft minutes from meeting at ietf50..
Indexes:

Home | Main Index | Thread Index | Old Index