Sudo with Kerberos IV or V on 4.8-STABLE
nate at bluegrass.net
Sat Jul 12 07:47:51 PDT 2003
I have a small LAN with a few FreeBSD-STABLE boxes on it. It mainly has
two admins, my brother and myself, and we use sudo for doing tasks which
must be done as root, etc. The setup right now works wonderfully, but
lately it has begun to annoy me a little bit, especially when I must
make changed to multiple boxes which require root privelidges. I love
sudo, and if possible would like to use it as I have been using it, but
have it do some sort of kerberos authentication. Namely, if i use sudo
on one machine, it would perhaps create a kerberos-forwardable ticket so
that the other machines would recognize that I am already authenticated
to use sudo, for the next five minutes or so, just as sudo does locally.
Really the only common services I have running on the FreeBSD boxes are
ssh and samba, although two of them serve as nameservers for my small
lan/domain. I know about ksu, and if it came down to it, I would be
willing to use it, but only if the situation I have described is
impossible to achieve with sudo. Any input would be much appreciated.
Also, if I go with Kerberos V, which implementation seems to get better
results or is more secure? MIT or heimdal? or are they about the same?
More information about the freebsd-questions