Help: ksu questions

Lee Eric openlinuxsource at
Sat Jan 8 01:09:41 EST 2011

Thanks Russ, that's very clear. BTW, I think client users shall use
ksu under local machine, not remote machines. Because I notice that
ksu will prompt me that it's unsafe if I type Kerberos password under
insecure connection.


On Sat, Jan 8, 2011 at 12:36 PM, Russ Allbery <rra at> wrote:
> Lee Eric <openlinuxsource at> writes:
>> Thanks Russ. So it looks like I don't need to leak my root password to
>> client users, right?
> Right, to me that's the main feature of ksu.  (Of course, if they're root,
> they have other ways of getting the root password if they're sufficiently
> devious, but usually for me the issue is policy and procedure and inherent
> risk of more people knowing something, not actually untrusted users.)
> --
> Russ Allbery (rra at             <>
> ________________________________________________
> Kerberos mailing list           Kerberos at

More information about the Kerberos mailing list