[32618] in Kerberos


Re: Query regarding ksu.

daemon@ATHENA.MIT.EDU (Russ Allbery)
Wed Sep 1 13:25:43 2010

From: Russ Allbery <rra@stanford.edu>
To: Use Nas <usenas@gmail.com>
In-Reply-To: <AANLkTi==ZJ7dmZKRHo-oorKwKahfxDGkfY2_LT0suXT2@mail.gmail.com>
	(Use Nas's message of "Wed, 1 Sep 2010 15:03:09 +0530")
Date: Wed, 01 Sep 2010 10:25:33 -0700
Message-ID: <87occhxto2.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: krbdev@mit.edu, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Use Nas <usenas@gmail.com> writes:

> =======
> Situation :
> =======

> Source User: root
> Target User: non_root_user

> There are no tickets in cache and currently we are logged in as "root" user.
> #ksu non_root_user

> What should be the expected behavior of the above command?

> I believe that if the source user is "root" and target is "non root" &
> there is no ticket in the cache, then it should prompt for the
> password for "non root" user.  If there is ticket in the cache, then it
> doesn't prompt for the password and creates a valid context and ticket.

That sounds right to me, assuming that you mean a ticket for the target
user (not just any ticket).

> However, there is a belief that we should be able to ksu to
> any non-root user (when logged in as root), similar to the su command. but

If one wants su, I think one should just use su.  "root" has no special
meaning for Kerberos, and the above behavior seems more useful to me for
ksu.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
