I've been migrating to Heimdal for authentication of the various services on 
my network.  Other kerberized commands (ssh, imtest, ldapsearch) work in 
the usual way, but I'm having problems getting ksu to play nicely.  First, 
yes, it is setuid on my system.

I currently have a TGT for the "[EMAIL PROTECTED]" principal:

    $ klist
    Credentials cache: FILE:/tmp/krb5cc_1000
            Principal: [EMAIL PROTECTED]

I'm on the host "kanga.honeypot.net" which has a defined principal of 
"host/[EMAIL PROTECTED]" in /etc/krb5.keytab.  My user 
principal is present in .k5login in root's home directory:

    # cat ~/.k5login

However, when I try to use ksu to become root, I get this error unless I 
enter a password:

    $ ksu
    root's password:

If I *do* enter root's real password, then I become root exactly as if I'd 
used su instead of ksu.  I'm kind of stuck at this point.  I have 
everything configured correctly from what I can tell, and this should 
certainly be a lot easier than, say, configuring OpenLDAP and SASL.  Any 

Kirk Strauser

