Date: Sat, 12 Jul 2003 10:47:47 -0400 From: "Nathan Grant" <nate@bluegrass.net> To: <freebsd-questions@freebsd.org> Subject: Sudo with Kerberos IV or V on 4.8-STABLE Message-ID: <010501c34884$8fa787f0$4800000a@nougat>
next in thread | raw e-mail | index | archive | help
I have a small LAN with a few FreeBSD-STABLE boxes on it. It mainly has two admins, my brother and myself, and we use sudo for doing tasks which must be done as root, etc. The setup right now works wonderfully, but lately it has begun to annoy me a little bit, especially when I must make changed to multiple boxes which require root privelidges. I love sudo, and if possible would like to use it as I have been using it, but have it do some sort of kerberos authentication. Namely, if i use sudo on one machine, it would perhaps create a kerberos-forwardable ticket so that the other machines would recognize that I am already authenticated to use sudo, for the next five minutes or so, just as sudo does locally. Really the only common services I have running on the FreeBSD boxes are ssh and samba, although two of them serve as nameservers for my small lan/domain. I know about ksu, and if it came down to it, I would be willing to use it, but only if the situation I have described is impossible to achieve with sudo. Any input would be much appreciated. Also, if I go with Kerberos V, which implementation seems to get better results or is more secure? MIT or heimdal? or are they about the same? Thanks, Nathan Grant
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?010501c34884$8fa787f0$4800000a>