On 10/31/05, Chris Frederick <cdf123 at cdf123.net> wrote: > Hi All, > > Has anyone here ever dealt with multi-user authentication? I'm trying > to set up a system that would require two separate users to authenticate > before running certain programs. This adds a level of accountability to > the system and could be very useful. I was thinking something on the > lines of using pam_usb and sudo to control execution, but theres a > couple things that I'm a little fuzzy about. > > Is there a way that if one of the usb keys got pulled out, the programs > being run by sudo would be 'kill -9'ed? I would think this requires a custom daemon of some sort. > Can pam_usb be used to require two keys? I'm sure you could cheat, and > link the two keys using a software raid, that would make sure that you > need both. But if you wanted to require that two users out of 3 (or 4 > or 50) can use this, you would need a lot of keys and a lot of raids. > The general answer to this is yes. But I dont know the specifics of the pam_usb module. Pam lets you stack modules, even the same one multiple times, with different options. -- Jay Kline http://www.slushpupie.com/