Date: Wed, 30 Jun 2004 17:24:36 -0500
From: Kirk Strauser <kirk@strauser.com>
To: freebsd-questions@freebsd.org
Subject: ksu not working as expected
Message-ID: <200406301724.46345.kirk@strauser.com>
I've been migrating to Heimdal for authentication of the various services on
my network. Other kerberized commands (ssh, imtest, ldapsearch) work in
the usual way, but I'm having problems getting ksu to play nicely. First,
yes, it is setuid on my system.
I currently have a TGT for the "kirk@HONEYPOT.NET" principal:
$ klist
Credentials cache: FILE:/tmp/krb5cc_1000
Principal: kirk@HONEYPOT.NET
I'm on the host "kanga.honeypot.net" which has a defined principal of
"host/kanga.honeypot.net@HONEYPOT.NET" in /etc/krb5.keytab. My user
principal is present in .k5login in root's home directory:
# cat ~/.k5login
kirk@HONEYPOT.NET
kirk/*@HONEYPOT.NET
However, when I try to use ksu to become root, I get this error unless I
enter a password:
$ ksu
root's password:
Sorry!
If I *do* enter root's real password, then I become root exactly as if I'd
used su instead of ksu. I'm kind of stuck at this point. I have
everything configured correctly from what I can tell, and this should
certainly be a lot easier than, say, configuring OpenLDAP and SASL. Any
thoughts?
--
Kirk Strauser
