Thank you for the quick reply.
The reason we don't have passwords in passwd is because the customer has a lot of servers but no directory service like LDAP, NIS+. And when we install the servers we add all the users and set up ssh for them. Hopefully they will soon start to use LDAP and our task will be a lot easier.
/Jocke
It's way-clunky, but you could write a wrapper script that runs as a special user (i.e. setuid) and does a check of the user's ssh credentials before calling sudo.
You can then set up sudoers rules with NOPASSWD for that special user.
pros:
Quick fix that might actually work
cons:
It's kind of ugly
Could be some fun and games getting the checking of ssh passphrases right without actually transmitting them plain-text at any point
If you mess up the setuid script you grant access to everything