linux下双授权认证的问题

johnzw

hello everyone!

For some important business system, you should use dual-authorize authentication in these system. the mean is if you need use the system root account, you can't login system by your single password, there need another person's password  combine your password login the important system. It is not separate root's password into two parts, 1st part you have, 2st part I have. I mean that we should login two user account before use root account.
In IBM AIX system:
For example:
1st you should creat two person's account in AIX system, john  & cici
2st compile /etc/security/user   in "root" segment, find "auth1" and modify it :
     auth1 = SYSTEM;root,SYSTEM;john,SYSTEM;cici
save and exit

test it.

login:root
root's Password: (input the root's password)
john's Password: (john input himself password)
cici's Password: (cici input herself password)

all of the three passwords must input correct, then you can login the system.

now I want to ask a question that if I want to implement dual-authorize authentication in linux system ,what should I do ? thanks everyone!

johnzw

There is nobody answer this question??

linuxexpert

I don't think it can be done by changing the configuration file of 'login' program in Linux,
probably you have to hack the source code of login and rewrite it.

johnzw

thanks upstairs, I think it too.

kenduest

原帖由 linuxexpert 于 2007-2-15 15:32 发表于 3楼  
I don't think it can be done by changing the configuration file of 'login' program in Linux,
probably you have to hack the source code of login and rewrite it.

应该不需要改 login program 的 source code，但是有机会需要改的是 pam 配置，而且自己写个 pam module 提供该功能。

--

lunchan

adding script into the /etc/passwd login script, and the script should look like

1. 
   
2. su <user1>
   
3. su <user2>
   
4. su root
   

复制代码

johnzw

upstairs, good idea! I will try it. thanks