[33077] in Kerberos
Re: Help: ksu questions
daemon@ATHENA.MIT.EDU (Lee Eric)
Sat Jan 8 01:09:48 2011
MIME-Version: 1.0
In-Reply-To: <87r5cot3k6.fsf@windlord.stanford.edu>
Date: Sat, 8 Jan 2011 14:09:41 +0800
Message-ID: <AANLkTin+xwBB4__diD=60948u_kqTCNhmuVt+4n60myz@mail.gmail.com>
From: Lee Eric <openlinuxsource@gmail.com>
To: Russ Allbery <rra@stanford.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Thanks Russ, that's very clear. BTW, I think client users shall use
ksu under local machine, not remote machines. Because I notice that
ksu will prompt me that it's unsafe if I type Kerberos password under
insecure connection.
Eric
On Sat, Jan 8, 2011 at 12:36 PM, Russ Allbery <rra@stanford.edu> wrote:
> Lee Eric <openlinuxsource@gmail.com> writes:
>
>> Thanks Russ. So it looks like I don't need to leak my root password to
>> client users, right?
>
> Right, to me that's the main feature of ksu. (Of course, if they're root,
> they have other ways of getting the root password if they're sufficiently
> devious, but usually for me the issue is policy and procedure and inherent
> risk of more people knowing something, not actually untrusted users.)
>
> --
> Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
