[910] in athena10
Re: [athena10] sudo
daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu Jan 22 16:21:26 2009
From: Sam Hartman <hartmans@MIT.EDU>
To: Jonathan Reed <jdreed@mit.edu>
Cc: Evan Broder <broder@mit.edu>, Robert Basch <rbasch@mit.edu>,
Quentin Smith <quentin@mit.edu>, Mitchell E Berger <mitchb@mit.edu>,
Greg Hudson <ghudson@mit.edu>, athena10@mit.edu
Date: Thu, 22 Jan 2009 16:19:30 -0500
In-Reply-To: <86427876-2175-4FD7-8126-721FD8F11170@mit.edu> (Jonathan Reed's
message of "Thu, 22 Jan 2009 16:14:58 -0500")
Message-ID: <tsltz7rqbrx.fsf@live.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
>>>>> "Jonathan" == Jonathan Reed <jdreed@MIT.EDU> writes:
Jonathan> On Jan 22, 2009, at 4:07 PM, Sam Hartman wrote:
>> 1) sudo may perhaps be useful in clusters. It definitely is
>> not on other machines using Kerberos for authentication that do
>> not have public root passwords.
>>
>> 2) In addition to the other reasons stated there may be concerns
>> about enabling sudo in the cluster environment if it enforces a
>> user expectation that would be insecure elsewhere.
Jonathan> I'm not sure what you mean by these two points.
Does sudo manage to use pam_krb5 in such a way that it actually
successfully verifies the host ticket?