Thanks Russ. However, i still have a doubt regarding the statement mentioned below:
However, there is a believe that the we should be able to ksu to all the any non-root user ( when logged in as root ) similar to su command. but i think it is against the design of kerberos , as we always need the password to decrypt the TGT sent by KDC. Is the above statement correct ? Thanks -S On Wed, Sep 1, 2010 at 10:55 PM, Russ Allbery <[email protected]> wrote: > Use Nas <[email protected]> writes: > > > ======= > > Situation : > > ======= > > > Source User: root > > Target User: non_root_user > > > There are no tickets in cache and currently we are logged in as "root" > user. > > #ksu non_root_user > > > Whats should be the expected behavior of the above command ? > > > I believe that if the source user is "root" and target is "non root" & > > there is no ticket in the cache, then the it should prompt for the > > password for "non root" user. If there is ticket in the cache, then it > > doesn't prompt for the password and creates a valid context and ticket. > > That sounds right to me, assuming that you mean a ticket for the target > user (not just any ticket). > > > However, there is a believe that the we should be able to ksu to all the > > any non-root user ( when logged in as root ) similar to su command. but > > If one wants su, I think one should just use su. "root" has no special > meaning for Kerberos, and the above behavior seems more useful to me for > ksu. > > -- > Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
