Using ksu for authenticated su-- problem

David Konerding dakoner at
Mon Apr 14 14:54:01 EDT 2008


We are trying to enable a user to execute a command as another user when they have the second user's credentials already.

For example, we'd like to be able to do this:

usera% kinit userb
Password for userb@EXAMPLE.COM:

Now that usera has userb's credentials, we want to allow them to run a command as userb:

userb% ksu userb -e /bin/ls /mnt/private

Now, we've been able to set up .k5login or .k5users to allow limited versions of this. We have no problem allowing usera to ksu to userb this way, but we want to eliminate the need for userb to create .k5login or .k5users.

The reasoning is this: the .k5login and .k5users mechanism provides no additional security for us because we allow Kerberos-based ssh login; if usera already has userb's credentials, they can ssh to localhost and execute any command. ssh is a bit slower (0.5 seconds compared to 0.01 seconds) and we don't want to pay that latency.

Our thinking was to modify ksu to remove the .k5users checking mechanism. Does anybody know if we can get this behavior with stock ksu without modifying .k5users?

