[6680] in Kerberos
Is this a feature
daemon@ATHENA.MIT.EDU (Wes Brown)
Sat Feb 17 10:53:06 1996
To: kerberos@MIT.EDU
Date: 17 Feb 1996 15:38:29 GMT
From: wes@prozac.student.cwru.edu (Wes Brown)
First, I am working with Kerberos IV. I know it might me fixed in Kerberos V,
but until that version is out of BETA I must deal with IV.
I decided to try something that concerned me. I put my normal pricipal in the
.klogin file for root on a machine I maintain.
Then I did the following after kiniting as myself.
Script started on Sat Feb 17 08:48:46 1996
wes on prozac<301> ~: klist
Ticket file: /tmp/tkt1001
Principal: ewb4@INS.CWRU.EDU
Issued Expires Principal
Feb 17 08:47:51 Feb 17 18:47:51 krbtgt.INS.CWRU.EDU@INS.CWRU.EDU
Feb 17 08:48:10 Feb 17 18:48:10 rcmd.prozac@INS.CWRU.EDU
wes on prozac<302> ~: rlogin -x -l root prozac
This rlogin session is using DES encryption for all data transmissions.
eklogind[27050]: ROOT LOGIN (krb) from prozac.student.cwru.edu, ewb4.@INS.CWRU.EDU.
Linux 1.2.12.
prozac:~# cat .klogin
ewb4.@INS.CWRU.EDU
prozac:~# exit
logout
Connection closed.
wes on prozac<303> ~: ksu
You are not allowed to ksu to root
wes on prozac<304> ~: exit
Script done on Sat Feb 17 08:49:41 1996
This telnet also allows me to connect as root so long as I use the kerberized
telnet and give it a -l root.
Is this a FEATURE???? Can I disable this feature or will I have to hack on
the source?
I am running the Cygnus distribution. I do not have a ewb4.root@INS.CWRU.EDU
principal. Any other questions, feal free to ask.
Wes
---
Wes Brown
ewb4@po.cwru.edu wes@prozac.student.cwru.edu
http://prozac.cwru.edu/wes/About.me.html
KB8TGR
