[nycbug-talk] a righteous ssh hack, or how to do fine grained auth with only one login

Edward Capriolo edlinuxguru at gmail.com
Mon Oct 3 23:12:19 EDT 2011


On Mon, Oct 3, 2011 at 9:20 PM, Jesse Callaway <bonsaime at gmail.com> wrote:

>
> On Mon, Oct 3, 2011 at 6:28 PM, Marc Spitzer <mspitzer at gmail.com> wrote:
>
>> http://sitaramc.github.com/gitolite/doc/gitolite-and-ssh.html
>>
>> how does gitolite use all this ssh magic?
>>
>> These are two different questions you ought to be having by now:
>>
>>    how does it distinguish between me and someone else, since we're
>> all logging in as the same remote user "git"
>>    how does it restrict what I can do within a repository
>>
>> It's a cool hack, go read.
>>
>> --
>> Freedom is nothing but a chance to be better.
>> --Albert Camus
>>
>>  The problem with socialism is that eventually you run out
>> of other people's money.
>> --Margaret Thatcher
>> _______________________________________________
>> talk mailing list
>> talk at lists.nycbug.org
>> http://lists.nycbug.org/mailman/listinfo/talk
>>
>
> A really fugly hack that I've done in the past does the reverse, where this
> might be desirable. You can have individual users/passwords in the system
> and then vipw and set the user id to be the same. Totally fuggles, but works
> where you need to do this. Some would argue you don't need to do this, but
> those people were not my boss at the time.
>
> --
> -jesse
>
>
UIDs do not have to be unique; however, if you are using Name Server Caching
Daemon or any other process like winbind that tries to reverse IDs to
user names, it can confuse the heck out of processes that assume the mapping is
one to one.
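
The shared-UID caveat above, as an added example that is not part of the original thread: it audits passwd-format data for UIDs mapped to more than one login and shows which logins a UID-to-name lookup would report under a different name. The sample entries and function names are constructed, and the first-match-wins lookup is an assumption that models a linear scan of a flat passwd file; a caching or directory-backed resolver may answer differently.

```python
from collections import defaultdict

# Constructed sample in passwd(5) format. "alice" and "bob" share a UID on
# purpose, as in the vipw approach described in the thread.
SAMPLE_PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
# constructed comment line, skipped by the parser
git:*:1001:1001:git service:/home/git:/bin/sh
alice:*:2000:2000:Alice:/home/alice:/bin/sh
bob:*:2000:2000:Bob:/home/bob:/bin/sh
toor:*:0:0:Bourne-again Superuser:/root:
malformed-line-without-fields
"""


def parse_passwd(text):
    """Yield (name, uid) for each well-formed entry, in file order."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # passwd(5) entries have 7 colon-separated fields; the UID is the third.
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        yield fields[0], int(fields[2])


def shared_uids(text):
    """Return {uid: [names]} for every UID held by more than one login."""
    names = defaultdict(list)
    for name, uid in parse_passwd(text):
        names[uid].append(name)
    return {uid: held for uid, held in names.items() if len(held) > 1}


def reverse_lookup(text, uid):
    """Assumed model of a UID -> name lookup: the first matching entry wins."""
    for name, entry_uid in parse_passwd(text):
        if entry_uid == uid:
            return name
    return None


def misattributed(text):
    """Return {login: reported_name} where the reverse lookup names someone else."""
    result = {}
    for name, uid in parse_passwd(text):
        reported = reverse_lookup(text, uid)
        if reported != name:
            result[name] = reported
    return result
```

Anything that records only the numeric UID (file ownership, process accounting, audit records) will attribute bob's activity to alice when the name is resolved later, which is the one-to-one assumption the message warns about.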