I've been migrating to Heimdal for authentication of the various services on my network. Other kerberized commands (ssh, imtest, ldapsearch) work in the usual way, but I'm having problems getting ksu to play nicely. First, yes, it is setuid on my system.

I currently have a TGT for the "[EMAIL PROTECTED]" principal:

$ klist
Credentials cache: FILE:/tmp/krb5cc_1000
Principal: [EMAIL PROTECTED]

I'm on the host "kanga.honeypot.net" which has a defined principal of
"host/[EMAIL PROTECTED]" in /etc/krb5.keytab. My user
principal is present in .k5login in root's home directory:

# cat ~/.k5login
[EMAIL PROTECTED]
kirk/[EMAIL PROTECTED]

However, when I try to use ksu to become root, I get this error unless I
enter a password:

$ ksu
root's password:
Sorry!

If I *do* enter root's real password, then I become root exactly as if I'd
used su instead of ksu. I'm kind of stuck at this point. I have
everything configured correctly from what I can tell, and this should
certainly be a lot easier than, say, configuring OpenLDAP and SASL. Any
thoughts?
--
Kirk Strauser
