Re: PPP, Mount/Unmount
- From: "Michael K. Johnson" <johnsonm redhat com>
- To: gnome-list gnome org
- Subject: Re: PPP, Mount/Unmount
- Date: Wed, 11 Aug 1999 16:40:34 -0400
Michael Dennis writes:
>I agree that we don't want to sacrifice Linux security for ease of use, but maybe
>someone could come up with a creative way to deal with both. My ideas obviously
>don't cover every base but maybe they can stimulate some thought on something
>that I think is a bit tricky for a novice user and that they commonly need to do.
I think I'm going to create a cron job to post this to gnome-list
every day... I have posted this text before; those who have read
it can quit now.
In Red Hat Linux, we have a tool which other distributions could
easily pick up as long as they have PAM. It is a small wrapper
package that has a non-setuid gui part and a tiny setuid non-gui
part that tells the gui part what to display and gets input back
from the gui part. In addition, the fact that it uses PAM means
that it can be used for nearly arbitrary kinds of authentication.
It *also* happens to work essentially transparently -- the calling
application would run, say, /usr/bin/foo, which would authenticate
the user, then run /usr/sbin/foo. What's nice is that this can be
set up to ask for passwords, or demand passwords only if the user
is not at the system console, or *however the sysadmin wants it
to be set up on a per-machine AND per-application basis*. I can
improve the wrapper as needed to meet new needs better; I know of
one improvement I need already...
michaelkjohnson
"Magazines all too frequently lead to books and should be regarded by the
prudent as the heavy petting of literature." -- Fran Lebowitz
Linux Application Development http://people.redhat.com/johnsonm/lad/
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
