I've been migrating to Heimdal for authentication of the various services on my network. Other kerberized commands (ssh, imtest, ldapsearch) work in the usual way, but I'm having problems getting ksu to play nicely. First, yes, it is setuid on my system.
I currently have a TGT for the "[EMAIL PROTECTED]" principal: $ klist Credentials cache: FILE:/tmp/krb5cc_1000 Principal: [EMAIL PROTECTED] I'm on the host "kanga.honeypot.net" which has a defined principal of "host/[EMAIL PROTECTED]" in /etc/krb5.keytab. My user principal is present in .k5login in root's home directory: # cat ~/.k5login [EMAIL PROTECTED] kirk/[EMAIL PROTECTED] However, when I try to use ksu to become root, I get this error unless I enter a password: $ ksu root's password: Sorry! If I *do* enter root's real password, then I become root exactly as if I'd used su instead of ksu. I'm kind of stuck at this point. I have everything configured correctly from what I can tell, and this should certainly be a lot easier than, say, configuring OpenLDAP and SASL. Any thoughts? -- Kirk Strauser