Use Nas <[email protected]> writes: > However, there is a believe that the we should be able to ksu to all the > any non-root user ( when logged in as root ) similar to su command. but > i think it is against the design of kerberos , as we always need the > password to decrypt the TGT sent by KDC.
> Is the above statement correct ? Presumably if you ksu'd without a password or a ticket to another user, you wouldn't get Kerberos tickets for that user and it would just be acting like su. Yes, root has no special ability to get tickets for another user without knowing that user's credentials. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
