Help: ksu questions
Russ Allbery
rra at stanford.edu
Fri Jan 7 12:52:41 EST 2011
Lee Eric <openlinuxsource at gmail.com> writes:
> Is there any special advantage to use ksu?
The main reason why we use ksu instead of su is because every person who
can su to root has their own separate /root principal with a separate
password and we want them to use those passwords instead. In many cases,
the set of people who know the actual root password is more limited than
the people who can ksu (perhaps because the formula for it is shared with
other systems those people should not be root on, for instance).
You can do this with su and an appropriate PAM configuration, or with sudo
and an appropriate PAM configuration, but it's fiddly and annoying and
it's often easier to just use ksu. Plus, you'd probably have to use my
pam-krb5 module rather than whatever came with your system, since it would
be extremely difficult to set this up without the aid of the alt_auth_map
configuration option.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list