why does redhat not make ksu setuid root?
Steve Langasek
vorlon at dodds.net
Mon Jul 22 21:28:12 EDT 2002
On Mon, Jul 22, 2002 at 07:37:11PM -0400, Elliot Lee wrote:
> On 22 Jul 2002 bbense+comp.protocols.kerberos.Jul.22.02 at telemark.stanford.edu wrote:
> > - ksu does a lot more than su, you can use it as replacement for
> > sudo if you are sufficiently motivated. I'm not sure PAM is
> > sufficiently flexible enough to support these added features.
> > ( Basically, you need to pass argc,argv down to the pam
> > routine. )
> sudo appears to have PAM support (allowing use of this hypothetical
> pam_k5users module), and I'm not sure it needs replacing :)
To be a replacement for ksu, this hypothetical pam_k5users module will
also need to provide passwordless access based on the presence of a valid
ticket for an authorized principal.
Steve Langasek
postmodern programmer
More information about the Kerberos
mailing list