[krbdev.mit.edu #7983] ksu without -e ignores .k5users for default principal
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Wed Aug 6 12:18:25 EDT 2014
My manual test for this was:
* I have tickets for ghudson at ATHENA.MIT.EDU
* Root's .k5login contains ghudson/root at ATHENA.MIT.EDU
* Root's .k5users contains ghudson at ATHENA.MIT.EDU (with or without "*"
following)
* "ksu -n ghudson" gives me a root shell (so we know ghudson has shell
access)
* Without the fix, "ksu" asks me for a password for ghudson/root, meaning
it chose a less-preferred default principal because it didn't detect that
ghudson has access.
* With the fix, "ksu" gives me a root shell on the basis of my ghudson
tickets.
More information about the krb5-bugs
mailing list