Query regarding ksu.
Russ Allbery
rra at stanford.edu
Wed Sep 1 14:21:53 EDT 2010
Use Nas <usenas at gmail.com> writes:
> However, there is a believe that the we should be able to ksu to all the
> any non-root user ( when logged in as root ) similar to su command. but
> i think it is against the design of kerberos , as we always need the
> password to decrypt the TGT sent by KDC.
> Is the above statement correct ?
Presumably if you ksu'd without a password or a ticket to another user,
you wouldn't get Kerberos tickets for that user and it would just be
acting like su. Yes, root has no special ability to get tickets for
another user without knowing that user's credentials.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev
mailing list