I have a working kdc on my LAN and use OpenSSH's "gssapi-with-mic" authentication to connect to other machines. However, I can't use /usr/bin/ksu to su to root without entering root's password, even if I have a current, valid ticket and am listed in root's .k5login;
$ sudo cat /root/.k5login
# $FreeBSD: src/etc/root/dot.k5login,v 1.1 2003/04/30 20:58:49 markm Exp $
#
# user1/[EMAIL PROTECTED]
# user2/[EMAIL PROTECTED]
[EMAIL PROTECTED]
$ klist
Credentials cache: FILE:/tmp/krb5cc_1000
Principal: [EMAIL PROTECTED]
Issued Expires Principal
Mar 19 13:41:03 Mar 19 23:41:03 krbtgt/[EMAIL PROTECTED]
$ ksu
root's password:
Sorry!
Shouldn't that be sufficient to allow me to become root without entering any
passwords, or am I missing something? This is somewhat exacerbated by the
fact that I can't seem to find ksu's man page or other documentation on my
system.
--
Kirk Strauser
pgp8NMTEsNFFF.pgp
Description: PGP signature
