[haiku-bugs] Re: [Haiku] #11828: Look into using one-time-passwords as secondary authentication method for baron

  • From: "Centinel" <trac@xxxxxxxxxxxx>
  • Date: Tue, 03 Mar 2015 15:28:14 -0000

#11828: Look into using one-time-passwords as secondary authentication method for baron
-------------------------+----------------------------
   Reporter:  zooey      |      Owner:  haiku-sysadmin
       Type:  task       |     Status:  new
   Priority:  normal     |  Milestone:
  Component:  Sys-Admin  |    Version:
 Resolution:             |   Keywords:
 Blocked By:             |   Blocking:
Has a Patch:  0          |   Platform:  All
-------------------------+----------------------------

Comment (by Centinel):

 Since sudo provides a subset of {{{su -l}}}'s functionality, it seems
 ineffective to limit a part and not the whole. Then again, I'm not a
 security expert, so take that as a layman's opinion. It's really a matter
 of security versus convenience.

 If you wanted to focus on security, you could leave OpenSUSE's default
 sudo behavior in place and create an OTP seed specific to the root user.
 That way, users who wanted to {{{sudo}}} or {{{su -l}}} would be required
 to enter an OTP specific to the root account. It obviously wouldn't make
 sudo as secure as requiring user passwords and user-specific OTPs, but it
 would plug the security hole coming from su -l unprotected.

 On the other hand, I am compelled to admit that restricting sudo is better
 than nothing.

--
Ticket URL: <https://dev.haiku-os.org/ticket/11828#comment:24>
Haiku <https://dev.haiku-os.org>
Haiku - the operating system.
