pam_escalate
Have you ever been frustrated that the password you use to access your computer's user account is the same password you use to perform administrative functions with sudo? Have you ever had a server environment where many system administrators needed to use su, but you didn't want all of them to share a common root password? Wouldn't it be nice if each user could perform administrative and sensitive operations using a password that was separate from their own user password?
Well, this is exactly what pam_escalate does. It's a simple PAM module that you can install on any of your Linux or OS X systems. For each user you want to allow to escalate, you create a separate account called an escalation account. Then, with a few changes to your PAM configuration, su and sudo will prompt each user for the password to their escalation account before granting access. If you'd like to know more, feel free to read the documentation, download the module and install it, or read the FAQ.
pam_escalate is alpha software at the moment, and while it has been fairly well tested and should perform as documented, it could also eat your children or exhibit all manner of undefined behavior. Please feel free to contact me and let me know if you find any bugs or wish to provide patches.
