Help: ksu questions g.w at
Tue Jan 11 12:59:54 EST 2011

On Jan 8,  2:09pm, Lee Eric wrote:
} Subject: Re: Help: ksu questions

Good morning, hope the day is going well for everyone.

> Thanks Russ, that's very clear. BTW, I think client users shall use
> ksu under local machine, not remote machines. Because I notice that
> ksu will prompt me that it's unsafe if I type Kerberos password
> under insecure connection.

Theoretically in a tight Kerberos authentiction environment one never
wants to type a password into a remote machine since it may be

We put out a patchset just before Christmas to allow sudo mediated
privilege escalation in a Kerberos friendly fashion using OpenSSH.  I
don't know how much control you have over your toolchain or if sudo is
a possibility for you.

The following URL has the patchset:

The SSH portion of the patch provides a framework for exporting a
short-lived Kerberos authentication packet to the remote side of a
connection.  The sudo portion of the patch has support for
authenticating the privilege escalation using the exported packet.

> Eric

Good luck with your systems efforts.

Have a good week.

}-- End of excerpt from Lee Eric

As always,
Greg Wettstein

			 The Hurderos Project
         Open Identity, Service and Authorization Management

"The software said it required Windows 3.1 or better so I installed Linux."
                                -- Mark MaClark

More information about the Kerberos mailing list