r/doas: Configure sudo alternative
In the spirit of replacing bloated tools with unnecessary functionality with smaller, more focused alternatives, we can use `doas` instead of `sudo`. Originally, it was a BSD tool, but the Linux port supports PAM, so we can still use `pam_auth_ssh_agent` for ppasswordless authentication.
This commit is contained in:
7
roles/doas/files/pam.conf
Normal file
7
roles/doas/files/pam.conf
Normal file
@@ -0,0 +1,7 @@
|
||||
#%PAM-1.0
|
||||
auth required pam_ssh_agent_auth.so file=/etc/security/doas.authorized_keys
|
||||
account include system-auth
|
||||
password include system-auth
|
||||
session optional pam_keyinit.so revoke
|
||||
session required pam_limits.so
|
||||
session include system-auth
|
||||
Reference in New Issue
Block a user