[19686] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: SSH as root with different principal

daemon@ATHENA.MIT.EDU (Steve Langasek)
Wed Jul 30 11:48:18 2003

Date: Wed, 30 Jul 2003 10:36:19 -0500
From: Steve Langasek <vorlon@dodds.net>
To: Lukas Kubin <kubin@opf.slu.cz>
Message-ID: <20030730153613.GD5771@dodds.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.56.0307301558120.10625@x.opf.slu.cz>
cc: Kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu

On Wed, Jul 30, 2003 at 04:00:28PM +0200, Lukas Kubin wrote:

> How can I login through SSH to administer a remote server? I mean, I have
> a principal, say "user" and need to authenticate using kerberized SSH to
> become root on the remote server.
> Thank you.

If using gssapi or krb5 authentication, you would add that principal to
root's .k5login file; acquire a TGT for that user; and run
'ssh root@server' or 'ssh -l root server'.  This will grant you
Kerberos-based access to the root account.

-- 
Steve Langasek
postmodern programmer
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[19686] in Kerberos

Re: SSH as root with different principal

daemon@ATHENA.MIT.EDU (Steve Langasek)Wed Jul 30 11:48:18 2003

daemon@ATHENA.MIT.EDU (Steve Langasek)
Wed Jul 30 11:48:18 2003