ksu not working as expected
Kirk Strauser
kirk at strauser.com
Wed Jun 30 15:25:11 PDT 2004
I've been migrating to Heimdal for authentication of the various services on
my network. Other kerberized commands (ssh, imtest, ldapsearch) work in
the usual way, but I'm having problems getting ksu to play nicely. First,
yes, it is setuid on my system.
I currently have a TGT for the "kirk at HONEYPOT.NET" principal:
$ klist
Credentials cache: FILE:/tmp/krb5cc_1000
Principal: kirk at HONEYPOT.NET
I'm on the host "kanga.honeypot.net" which has a defined principal of
"host/kanga.honeypot.net at HONEYPOT.NET" in /etc/krb5.keytab. My user
principal is present in .k5login in root's home directory:
# cat ~/.k5login
kirk at HONEYPOT.NET
kirk/*@HONEYPOT.NET
However, when I try to use ksu to become root, I get this error unless I
enter a password:
$ ksu
root's password:
Sorry!
If I *do* enter root's real password, then I become root exactly as if I'd
used su instead of ksu. I'm kind of stuck at this point. I have
everything configured correctly from what I can tell, and this should
certainly be a lot easier than, say, configuring OpenLDAP and SASL. Any
thoughts?
--
Kirk Strauser
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 155 bytes
Desc: signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040630/d85eb74f/attachment.bin
More information about the freebsd-questions
mailing list