Mac OS X-like admin authentication
Jeremy Dreese
jdreese at bucknell.edu
Thu Apr 24 18:12:59 EDT 2003
I've been thinking for awhile now that there must be some way to use sudo and
pam to allow users to authenticate when running applications via
point-and-click (as opposed to from the command line). For those familiar
with Mac OS X, this is pretty much what OS X does. When you run an app that
requires administrator access and assuming your account is listed as an
"administrator", it pops up a window asking you for *your* password; it then
runs the app as administrator/root. In concept this is somewhat similar to
sudo. You run an app using sudo; it asks you for *your* password (assuming
you're not using the NOPASSWD option) and allows you to run the app as
root/administrator.
I'm thinking that sudo could be combined somehow into a pam module such that
the pam module checks the sudoers table to see if the user running the app has
permission to run that particular app. If so, it pops up a dialog asking for
the user's password. Pretty much the same idea was discussed here:
http://www.sudo.ws/mailman/htdig/sudo-workers/2002-September/000256.html
but I don't see any sort of resolution. Anybody know if this has been done or
if someone is working on this?
Thanks.
More information about the sudo-users
mailing list