From: "Nathan Grant"
Date: Sat, 12 Jul 2003 10:47:47 -0400
Message-ID: <010501c34884$8fa787f0$4800000a@nougat>
Subject: Sudo with Kerberos IV or V on 4.8-STABLE

I have a small LAN with a few FreeBSD-STABLE boxes on it. It mainly has two admins, my brother and myself, and we use sudo for doing tasks which must be done as root, etc. The setup right now works wonderfully, but lately it has begun to annoy me a little bit, especially when I must make changes to multiple boxes which require root privileges. I love sudo, and if possible would like to use it as I have been using it, but have it do some sort of Kerberos authentication.
Namely, if I use sudo on one machine, it would perhaps create a Kerberos-forwardable ticket so that the other machines would recognize that I am already authenticated to use sudo, for the next five minutes or so, just as sudo does locally.

Really the only common services I have running on the FreeBSD boxes are ssh and samba, although two of them serve as nameservers for my small LAN/domain. I know about ksu, and if it came down to it, I would be willing to use it, but only if the situation I have described is impossible to achieve with sudo.

Any input would be much appreciated. Also, if I go with Kerberos V, which implementation seems to get better results or is more secure? MIT or Heimdal? Or are they about the same?

Thanks,
Nathan Grant