[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bigger annoyance with locking.
From: |
Trent W. Buck |
Subject: |
Re: Bigger annoyance with locking. |
Date: |
Fri, 14 Nov 2008 10:59:37 +1100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/23.0.60 (gnu/linux) |
"Dan Mahoney, System Admin"
<address@hidden> writes:
> The question comes up: "if I can get at your uid, why do I need your
> screen?"
In order to observe the output when I run "gpg -d" on an encrypted,
confidential file. Simply having my login password would not grant
access to GPG encrypted files.
In order to observe the output of commands run on a remote host via
ssh. Simply having my login password would not grant access to the
remote host.
If I leave ssh running inside the screen session, to actively modify the
remote host (e.g. installing your own public identity in the remote
authorized_keys file).
Similarly for other systems that require secondary passwords, such as a
remote IMAP server or a remote web application.
> Sadly, even though I am root on the systems involved -- the tweak we
> really need here is extending screen's builtin lock to support the
> password stored in .screenrc
Clearly I don't know what you're talking about, because what I *thought*
you were talking about works as you ask for.
Namely, I run :password interactively to generate a hashed password in
the default register. I use C-a ] to paste it into .screenrc, as in
password ASDFASDFASDF
Later, in either the current or a new screen session, I run
:lockscreen. It blanks the screen, changing it to
Screen used by Trent W. Buck <twb>
Password:
Screen password:
The first prompt is for my login password. The second prompt is for my
screen password.
> -- otherwise it's a whole new pam
> facility -- and PS, incidentally, pam doesn't have an easy way to say
> "use the password in this file."
echo password ASDFASDFASDF >~/.screenrc.secret
echo source ~/.screerc.secret >>~/.screenrc
- Bigger annoyance with locking., Dan Mahoney, System Admin, 2008/11/13
- Re: Bigger annoyance with locking., Micah Cowan, 2008/11/13
- Re: Bigger annoyance with locking., Trent W. Buck, 2008/11/13
- Re: Bigger annoyance with locking., Dan Mahoney, System Admin, 2008/11/13
- Re: Bigger annoyance with locking., Micah Cowan, 2008/11/13
- Re: Bigger annoyance with locking., Dan Mahoney, System Admin, 2008/11/13
- Re: Bigger annoyance with locking.,
Trent W. Buck <=
- Re: Bigger annoyance with locking., Dan Mahoney, System Admin, 2008/11/13
- Re: Bigger annoyance with locking., Trent W. Buck, 2008/11/13
- Re: Bigger annoyance with locking., Dan Mahoney, System Admin, 2008/11/13
- Re: Bigger annoyance with locking., Trent W. Buck, 2008/11/13
- Re: Bigger annoyance with locking., Dan Mahoney, System Admin, 2008/11/13
- Re: Bigger annoyance with locking., Trent W. Buck, 2008/11/13
- Re: Bigger annoyance with locking., Dan Mahoney, System Admin, 2008/11/13
- Re: Bigger annoyance with locking., Dan Mahoney, System Admin, 2008/11/14
- Re: Bigger annoyance with locking., Andrew Deason, 2008/11/16
- Re: Bigger annoyance with locking., Dan Mahoney, System Admin, 2008/11/16