Sudo w/Ticket Support petesea at
Thu May 7 17:15:11 EDT 2009

On Thu, 7 May 2009, miguel.sanders at wrote:

> Afaik that's not available yet (however, you could integrate it yourself).


> But if you already obtained a TGT, why bother authenticating again?

Because sudo prompts me.   That's what I'm trying to avoid.  I'd like sudo 
to look at my ticket cache, see that I already have a valid TGT and give 
me access without being prompted for a password.

>> But not use just use NOPASSWD.
> Last sentence should have been : "Why not use NOPASSWD?"

Main reason for not setting NOPASSWD is because I don't have control over 
the sudoers file on most of the systems I have access to.  And the SA's 
are very reluctant to use "NOPASSWD".

I believe they just want that extra layer of protection in case a 
workstation is left unattended.

I do see what you mean though.  From a security standpoint, if sudo was 
capable of using an existing TGT, that doesn't seem like it would be too 
much different then using NOPASSWD in the sudoers file.

More information about the Kerberos mailing list