Help: ksu questions

Lee Eric openlinuxsource at
Sat Jan 8 09:27:06 EST 2011

Thanks Russ. It's very clear.



On Sat, Jan 8, 2011 at 2:11 PM, Russ Allbery <rra at> wrote:
> Lee Eric <openlinuxsource at> writes:
>> Thanks Russ, that's very clear. BTW, I think client users shall use
>> ksu under local machine, not remote machines. Because I notice that
>> ksu will prompt me that it's unsafe if I type Kerberos password under
>> insecure connection.
> Yeah, ideally in Kerberos you never enter your password into any remote
> system, but always authenticate locally and then use Kerberos to
> authenticate to remote systems.  We're moving in that way (by allowing
> root logins only via GSSAPI), but the tradeoff is that you have to allow
> remote direct root logins, which makes some a bit uncomfortable.
> --
> Russ Allbery (rra at             <>
> ________________________________________________
> Kerberos mailing list           Kerberos at

More information about the Kerberos mailing list