[32616] in Kerberos
Query regarding ksu.
daemon@ATHENA.MIT.EDU (Use Nas)
Wed Sep 1 05:33:16 2010
Date: Wed, 1 Sep 2010 15:03:09 +0530
Message-ID: <AANLkTi==ZJ7dmZKRHo-oorKwKahfxDGkfY2_LT0suXT2@mail.gmail.com>
From: Use Nas <usenas@gmail.com>
To: kerberos@mit.edu, krbdev@mit.edu
=======
Situation:
=======
Source User: root
Target User: non_root_user
There are no tickets in the cache and currently we are logged in as the "root" user.
#ksu non_root_user
What should be the expected behavior of the above command?
I believe that if the source user is "root" and the target is "non root" and there
is no ticket in the cache, then it should prompt for the password for the
"non root" user. If there is a ticket in the cache, then it doesn't prompt
for the password and creates a valid context and ticket.
However, there is a belief that we should be able to ksu to any
non-root user (when logged in as root), similar to the su command. But I think
it is against the design of Kerberos, as we always need the password to
decrypt the TGT sent by the KDC.
Please help me understand the above situation(s).
Thanks.