Query regarding ksu.

Use Nas usenas at gmail.com
Thu Sep 2 02:01:19 EDT 2010


Also, the documentation says
"If the source user is root or the target user is the source user, no
authentication or
authorization takes place. Otherwise, ksu looks for an appropriate ticket in
the
source cache."

I believe that the above statement is wrong.

-S

On Thu, Sep 2, 2010 at 11:12 AM, Use Nas <usenas at gmail.com> wrote:

> Sam,
>
> >If I ksu to a user whitout ticket I expect ksu to ask for the password
> >for which -n is supplied and/or the default that is inferred if -n is
> >not available.
>
> If there are no tickets (in cache) for the required user, ksu ( without
> using -n flag) will ask for a password, even if the source user is "root"
> .Am i correct ?
>
> -S
>
> On Thu, Sep 2, 2010 at 12:54 AM, Sam Hartman <hartmans at mit.edu> wrote:
>
>> >>>>> "Russ" == Russ Allbery <rra at stanford.edu> writes:
>>
>>    Russ> Presumably if you ksu'd without a password or a ticket to
>>    Russ> another user, you wouldn't get Kerberos tickets for that user
>>    Russ> and it would just be acting like su.  Yes, root has no special
>>    Russ> ability to get tickets for another user without knowing that
>>    Russ> user's credentials.
>>
>> If I ksu to a user whitout ticket I expect ksu to ask for the password
>> for which -n is supplied and/or the default that is inferred if -n is
>> not available.
>>
>> --Sam
>>
>
>



More information about the Kerberos mailing list