sudo with kerberos
Frank Cusack
frank+krb at linetwo.net
Thu May 5 19:48:23 EDT 2011
That's terrible! You've enabled anyone to sudo without having to know the
real password. The whole point of sudo requiring a password is to make sure
that the actual user is present (e.g. didn't walk away from an open
terminal). By disabling tgt_verify, anyone can spoof a KDC response that
will be seen as valid.
On Tue, May 3, 2011 at 12:00 PM, Ubaid Rahman <ubaid.u.rahman at gsk.com>wrote:
> Got it to work!
>
> Had to disable tgt_verify option in the methods.cfg file to let sudo, su,
> telnet and ftp work!!!
>
More information about the Kerberos
mailing list