Help: ksu questions

Lee Eric openlinuxsource at gmail.com
Sat Jan 8 09:27:06 EST 2011


Thanks Russ. It's very clear.

Regards,

Eric

On Sat, Jan 8, 2011 at 2:11 PM, Russ Allbery <rra at stanford.edu> wrote:
> Lee Eric <openlinuxsource at gmail.com> writes:
>
>> Thanks Russ, that's very clear. BTW, I think client users shall use
>> ksu under local machine, not remote machines. Because I notice that
>> ksu will prompt me that it's unsafe if I type Kerberos password under
>> insecure connection.
>
> Yeah, ideally in Kerberos you never enter your password into any remote
> system, but always authenticate locally and then use Kerberos to
> authenticate to remote systems.  We're moving in that way (by allowing
> root logins only via GSSAPI), but the tradeoff is that you have to allow
> remote direct root logins, which makes some a bit uncomfortable.
>
> --
> Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>




More information about the Kerberos mailing list