[NTLUG:Discuss] authentication in a script

[Chris Cox]

fredjame wrote:
...
> I have thought this one through a little further, and realize now that 
> it is sort of silly, but I'll tell you what I was I thinking anyway.
> 
> What I wanted to do:
> (1) I wanted to (semi) automate some processes (probably using expect) 
> in conjunction with other servers/hosts.
> (1-a) Unfortunately this could leave a little hole into the other 
> servers/hosts should a locally authorized user leave a terminal open.
> (1-a-i) I would have liked to include in the automation script a local 
> authentication (i.e., check your local username/password) to help ensure 
> that only locally authorized users can run the script.

See sudo.  I feel there's a solution to your needs there.  It's a great
tool for role based security implementations... and it can cache your
authorized credential for a time period so you don't have to
reauthenticate again.

> (1-a-i-1) I know, hack the script and remove the authentication, etc. - 
> this is where is starts to look really silly.
> (1-a-i-1-a) If I really got insistent and wanted to do this, it would 
> have to be in a compiled language (such as C) at a bear minimum.
> 
> So, instead of trying to snarl myself up in a complex, foolproof world, 
> I'll just try to remember that most security breaches are inside jobs 
> and user error, and go for something a little simpler like training.
> 
> Sorry, I guess I just had one of those moments.
>