These are various privilege management tools that I either find useful or that I think would be useful to look at.
- sudo_pair: A plugin for sudo which requires another user to approve the session and also allows the approving user to monitor the session.
- Google HIBA: HIBA is a system built on top of regular OpenSSH certificate-based authentication that lets you manage flexible authorization of principals on pools of target hosts without the need to periodically push customized authorized_users files. Announced on the Google Open Source Blog.
- Vouch Proxy: An SSO solution for Nginx using the auth_request module. Vouch Proxy can protect all of your websites at once.
- Pomerium: Pomerium is an identity-aware proxy that enables secure access to internal applications. Pomerium provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked-in. Pomerium gateways both internal and external requests, and can be used in situations where you’d typically reach for a VPN. Freemium model.
- Authelia: Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for reverse proxies like nginx, Traefik or HAProxy to let them know whether requests should either be allowed or redirected to Authelia’s portal for authentication.