Hi Folks, I integrated Uber's pam-ussh module in Tatu. With this, if the user's SSH certificate is revoked while they're logged into the VM, they lose sudo access (btw, I don't know how to close their session, which would be even better). Here's the demo video: https://youtu.be/yjwWdYJRTM0 Here's my pull request to add KRL support (from https://github.com/stripe/krl) to pam-ussh: https://github.com/uber/pam-ussh/pull/10 And here's the Tatu code-review: https://review.openstack.org/#/c/549389/ cheers, Pino -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20180303/d80a6f96/attachment.html>