Query about an admin testing a user's creds

Coy Hile coy.hile at coyhile.com
Thu Dec 27 06:36:37 EST 2007


Hello all,

We've got an interesting situation at my employer.

If we need to test, for example, that a user is actually getting a TGT,
we need to inform the user that we're changing their password
temporarily, change it, authenticate as them directly, and then have
them change it back.  We've all been wondering aloud whether there is
some way for an admin to get creds as a user directly (Eg, something
like su - user which actually does a kinit as that user).  Has
something along those lines been implemented?  If not, what's the
reasoning behind it not being so implemented? (I'm perfectly happy to
accept "Because it's Really Stupid(tm) for the follwing reasons..." as
an answer too :))

(Please retain the cc: on any reply as my work address is not on-list,
only my personal address.)

Thanks.

-- 
Coy Hile
coy.hile at coyhile.com



More information about the Kerberos mailing list