sudo with kerberos

Frank Cusack frank+krb at linetwo.net
Thu May 5 19:48:23 EDT 2011


That's terrible!  You've enabled anyone to sudo without having to know the
real password.  The whole point of sudo requiring a password is to make sure
that the actual user is present (e.g. didn't walk away from an open
terminal).  By disabling tgt_verify, anyone can spoof a KDC response that
will be seen as valid.

On Tue, May 3, 2011 at 12:00 PM, Ubaid Rahman <ubaid.u.rahman at gsk.com> wrote:

> Got it to work!
>
> Had to disable tgt_verify option in the methods.cfg file to let sudo, su,
> telnet and ftp work!!!
>
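
An audit check for the setting discussed in this thread, added here as an example and not part of either message: it lists the stanzas of a methods.cfg-style file whose options line switches tgt_verify off. The stanza layout (a `NAME:` header followed by indented `attribute = value` lines), the `tgt_verify=no` / `tgt_verify=false` spellings and the sample file contents are assumptions; the thread only names the option and the file.

```shell
#!/bin/sh
# find_unverified_tgt FILE
# Prints the name of every stanza whose options line turns tgt_verify off.
# Assumed layout (not shown in the thread): "NAME:" stanza headers, then
# indented "attribute = value" lines; options is a comma-separated list.
find_unverified_tgt() {
    awk '
        /^[ \t]*[*#]/ { next }                 # skip comment lines
        /^[^ \t][^ \t]*:[ \t]*$/ {             # stanza header, e.g. "KRB5:"
            stanza = $0
            sub(/:[ \t]*$/, "", stanza)
            next
        }
        /^[ \t]+options[ \t]*=/ {              # options line of current stanza
            opts = $0
            sub(/^[^=]*=[ \t]*/, "", opts)     # drop "options = "
            n = split(opts, item, ",")
            for (i = 1; i <= n; i++) {
                o = tolower(item[i])
                gsub(/[ \t]/, "", o)           # tolerate "tgt_verify = no"
                if (o == "tgt_verify=no" || o == "tgt_verify=false")
                    print stanza
            }
        }
    ' "$1"
}

# Constructed sample input (stanza names and paths are placeholders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
* constructed sample, not a real configuration
KRB5:
        program = /path/to/krb5/module
        options = authonly,tgt_verify=no

KRB5files:
        options = db=BUILTIN,auth=KRB5

LDAP:
        program = /path/to/ldap/module
EOF

find_unverified_tgt "$sample"    # lists the stanza that needs review
rm -f "$sample"
```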


