Re: [PATCH] doas authentication type

2015-12-08 Thread Ted Unangst
Stuart Henderson wrote: > > > > Personally my take on this is that as long as it's just done as -a > > then it's small and simple to implement (pass a string from args to > > auth_userokay), and there's no other way to provide access to this which > > is an important, though lesser-known, part of

Re: [PATCH] doas authentication type

2015-12-08 Thread David Gwynne
I would like this. It has my OK for what it is worth here. On 8 Dec 2015 11:41 am, "Stuart Henderson" wrote: > On 2015/11/25 00:14, Stuart Henderson wrote: > > On 2015/11/24 11:24, Richard Johnson wrote: > > > We use 2-factor authn for sudo & doas, as well as for most logins. > > > Presently, we

Re: [PATCH] doas authentication type

2015-12-07 Thread Stuart Henderson
On 2015/11/25 00:14, Stuart Henderson wrote: > On 2015/11/24 11:24, Richard Johnson wrote: > > We use 2-factor authn for sudo & doas, as well as for most logins. > > Presently, we transport Yubikey and other HOTP strings across RADIUS to an > > otpd authserver > > Interesting...is that a fork of t

Re: [PATCH] doas authentication type

2015-11-24 Thread Stuart Henderson
On 2015/11/24 11:24, Richard Johnson wrote: > We use 2-factor authn for sudo & doas, as well as for most logins. > Presently, we transport Yubikey and other HOTP strings across RADIUS to an > otpd authserver Interesting...is that a fork of the TRI-D otpd? I found the googlecode one and a github ex

Re: [PATCH] doas authentication type

2015-11-24 Thread Richard Johnson
On 2015-08-27 11:16, Theo de Raadt wrote: How many users of that functionality will there be? We only need to concern ourselves with the cost; you have to justify the benefit. How many people were doing this with sudo, and how many will need this with doas? My current model is to use my yubi

Re: [PATCH] doas authentication type

2015-08-27 Thread Alexander Hall
On August 27, 2015 6:32:31 PM GMT+02:00, Ted Unangst wrote: >Renaud Allard wrote: >> On 08/26/2015 06:39 PM, Michael Reed wrote: >> > Hi Renauld, >> > >> > On 08/26/15 09:38, Renaud Allard wrote: >> >> I rewrote a little bit the patch to remove a small kind-of typo in >the manpage and remove to

Re: [PATCH] doas authentication type

2015-08-27 Thread Renaud Allard
On 27/08/15 21:18, Ted Unangst wrote: Renaud Allard wrote: I understand the difference, but we are opposed to adding new options unless a majority of users are expected to use them. OK, I can understand. However, it doesn't do anything normal auth can't do, except giving the user a choice in

Re: [PATCH] doas authentication type

2015-08-27 Thread Ted Unangst
Renaud Allard wrote: > > > On 27/08/15 18:32, Ted Unangst wrote: > > > > > Sorry, I think adding an option is too much. I just committed halex's > > original > > diff to only change the type. I thought he was going to do that by now. > > > > Hi Ted, > > The thing is, my patch doesn't do the s

Re: [PATCH] doas authentication type

2015-08-27 Thread Renaud Allard
On 27/08/15 19:30, Theo de Raadt wrote: security model. How many users of that functionality will there be? We only need to concern ourselves with the cost; you have to justify the benefit. How many people were doing this with sudo, and how many will need this with doas? While I understan

Re: [PATCH] doas authentication type

2015-08-27 Thread Renaud Allard
On 27/08/15 19:08, Theo de Raadt wrote: doas is one of the few setuid programs. It should try to do a little bit less functionality, because "doing less" is part of the security model. How many users of that functionality will there be? We only need to concern ourselves with the cost; you

Re: [PATCH] doas authentication type

2015-08-27 Thread Theo de Raadt
> > security model. > > > > How many users of that functionality will there be? > > > > We only need to concern ourselves with the cost; you have to justify > > the benefit. How many people were doing this with sudo, and how many > > will need this with doas? > > > > While I understand it's a goo

Re: [PATCH] doas authentication type

2015-08-27 Thread Theo de Raadt
> > How many users of that functionality will there be? > > > > We only need to concern ourselves with the cost; you have to justify > > the benefit. How many people were doing this with sudo, and how many > > will need this with doas? > > > > My current model is to use my yubikey when sudo'ing.

Re: [PATCH] doas authentication type

2015-08-27 Thread Brandon Mercer
On Thu, Aug 27, 2015 at 1:09 PM Theo de Raadt wrote: > > > Sorry, I think adding an option is too much. I just committed halex's original > > > diff to only change the type. I thought he was going to do that by now. > > > > > > > Hi Ted, > > > > The thing is, my patch doesn't do th

Re: [PATCH] doas authentication type

2015-08-27 Thread Theo de Raadt
> > Sorry, I think adding an option is too much. I just committed halex's original > > diff to only change the type. I thought he was going to do that by now. > > > Hi Ted, > > The thing is, my patch doesn't do the same thing at all as the one which > adds auth-doas. My patch lets the u

Re: [PATCH] doas authentication type

2015-08-27 Thread Renaud Allard
On 27/08/15 18:32, Ted Unangst wrote: Sorry, I think adding an option is too much. I just committed halex's original diff to only change the type. I thought he was going to do that by now. Hi Ted, The thing is, my patch doesn't do the same thing at all as the one which adds auth-doas. My

Re: [PATCH] doas authentication type

2015-08-27 Thread Ted Unangst
Renaud Allard wrote: > On 08/26/2015 06:39 PM, Michael Reed wrote: > > Hi Renauld, > > > > On 08/26/15 09:38, Renaud Allard wrote: > >> I rewrote a little bit the patch to remove a small kind-of typo in the > >> manpage and remove too long lines. > >> So with this patch, you add the user the right

Re: [PATCH] doas authentication type

2015-08-26 Thread Renaud Allard
On 08/26/2015 06:39 PM, Michael Reed wrote: Hi Renauld, On 08/26/15 09:38, Renaud Allard wrote: I rewrote a little bit the patch to remove a small kind-of typo in the manpage and remove too long lines. So with this patch, you add the user the right to choose the authentication style and admin

Re: [PATCH] doas authentication type

2015-08-26 Thread Michael Reed
Hi Renauld, On 08/26/15 09:38, Renaud Allard wrote: > I rewrote a little bit the patch to remove a small kind-of typo in the > manpage and remove too long lines. > So with this patch, you add the user the right to choose the authentication > style and administratively, in login.conf, you can res

Re: [PATCH] doas authentication type

2015-08-26 Thread Renaud Allard
I rewrote a little bit the patch to remove a small kind-of typo in the manpage and remove too long lines. So with this patch, you add the user the right to choose the authentication style and administratively, in login.conf, you can restrict it. Any comments? OK? Index: doas.1 ==