« GNU Parted Units | Main | Stop typing passwords: Force10 / ftos »

11/04/2011

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Martin Atkins

The problem with this idea is that the password on sudo is not there to authenticate your connection -- that's what the auth handshake at connection time is for -- it's there to try to prevent attacks of the class where you walk off and leave your desktop unlocked and someone else walks up and uses your already-established session to run privileged commands.

Therefore, for the purpose that password check is intended for, you defeat the object entirely by making it just re-use the ambient connection auth credentials; you might as well just enable NOPASSWD on sudo and have done with it, since the result will ultimately be the same.

The comments to this entry are closed.