[33076] in Kerberos
Re: Help: ksu questions
daemon@ATHENA.MIT.EDU (Russ Allbery)
Fri Jan 7 23:36:24 2011
From: Russ Allbery <rra@stanford.edu>
To: kerberos@mit.edu
In-Reply-To: <AANLkTik0nOkhC-OL8NoZANPHf0FreQk6ER-Ew=AOdfRt@mail.gmail.com>
(Lee Eric's message of "Sat, 8 Jan 2011 12:13:50 +0800")
Date: Fri, 07 Jan 2011 20:36:09 -0800
Message-ID: <87r5cot3k6.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Lee Eric <openlinuxsource@gmail.com> writes:
> Thanks Russ. So it looks like I don't need to leak my root password to
> client users, right?
Right, to me that's the main feature of ksu. (Of course, if they're root,
they have other ways of getting the root password if they're sufficiently
devious, but usually for me the issue is policy and procedure and inherent
risk of more people knowing something, not actually untrusted users.)
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
