[32626] in Kerberos
Re: Query regarding ksu.
daemon@ATHENA.MIT.EDU (Use Nas)
Thu Sep 2 02:01:37 2010
MIME-Version: 1.0
In-Reply-To: <AANLkTik0Y3ZcxEcPBS0hNZbDTajRUNtC5ds1aejeEh7G@mail.gmail.com>
Date: Thu, 2 Sep 2010 11:31:19 +0530
Message-ID: <AANLkTi=BgAhjqz9f_QHZs0s-4tm+6iOPcCWNwM+G-bHo@mail.gmail.com>
From: Use Nas <usenas@gmail.com>
To: Sam Hartman <hartmans@mit.edu>
Cc: krbdev@mit.edu, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Also, the documentation says
"If the source user is root or the target user is the source user, no
authentication or
authorization takes place. Otherwise, ksu looks for an appropriate ticket in
the
source cache."
I believe that the above statement is wrong.
-S
On Thu, Sep 2, 2010 at 11:12 AM, Use Nas <usenas@gmail.com> wrote:
> Sam,
>
> >If I ksu to a user whitout ticket I expect ksu to ask for the password
> >for which -n is supplied and/or the default that is inferred if -n is
> >not available.
>
> If there are no tickets (in cache) for the required user, ksu ( without
> using -n flag) will ask for a password, even if the source user is "root"
> .Am i correct ?
>
> -S
>
> On Thu, Sep 2, 2010 at 12:54 AM, Sam Hartman <hartmans@mit.edu> wrote:
>
>> >>>>> "Russ" == Russ Allbery <rra@stanford.edu> writes:
>>
>> Russ> Presumably if you ksu'd without a password or a ticket to
>> Russ> another user, you wouldn't get Kerberos tickets for that user
>> Russ> and it would just be acting like su. Yes, root has no special
>> Russ> ability to get tickets for another user without knowing that
>> Russ> user's credentials.
>>
>> If I ksu to a user whitout ticket I expect ksu to ask for the password
>> for which -n is supplied and/or the default that is inferred if -n is
>> not available.
>>
>> --Sam
>>
>
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
