
ksu doesn't use my ticket - FreeBSD


  1. #1

    ksu doesn't use my ticket

    I have a working kdc on my LAN and use OpenSSH's "gssapi-with-mic"
    authentication to connect to other machines. However, I can't
    use /usr/bin/ksu to su to root without entering root's password, even if I
    have a current, valid ticket and am listed in root's .k5login;

    $ sudo cat /root/.k5login
    # $FreeBSD: src/etc/root/dot.k5login,v 1.1 2003/04/30 20:58:49 markm Exp $
    #
    # user1/REALM.WHEREVER
    # user2/REALM.WHEREVER
    NET

    $ klist
    Credentials cache: FILE:/tmp/krb5cc_1000
    Principal: NET

    Issued Expires Principal
    Mar 19 13:41:03 Mar 19 23:41:03 krbtgt/NET

    $ ksu
    root's password:
    Sorry!

    Shouldn't that be sufficient to allow me to become root without entering any
    passwords, or am I missing something? This is somewhat exacerbated by the
    fact that I can't seem to find ksu's man page or other documentation on my
    system.
    --
    Kirk Strauser


    Kirk Guest

  2. #2

    Re: ksu doesn't use my ticket

    On Sat, Mar 19, 2005 at 01:53:58PM -0600, Kirk Strauser wrote: 

    The ksu from the mit-krb5 port works the way you expect it to.

    -T


    --
    "You can have peace. Or you can have freedom. Don't ever count on having
    both at once."
    -- Robert Heinlein
    Tillman Guest

  3. #3

    Re: ksu doesn't use my ticket

    On Saturday 19 March 2005 02:22 pm, Tillman Hodgson wrote:
     

    Thanks for the info. Any idea why the one in the base system wouldn't,
    though? I'm loath to replace the working installation if I don't have to.
    --
    Kirk Strauser


    Kirk Guest

  4. #4

    Re: ksu doesn't use my ticket

    On Sat, Mar 19, 2005 at 08:53:18PM -0600, Kirk Strauser wrote: 
    >
    > Thanks for the info. Any idea why the one in the base system wouldn't,
    > though? I'm loath to replace the working installation if I don't have to.

    No need to replace it -- mit-krb5 installs into /usr/local (unless you
    move it with /etc/make.conf). It won't overlap with your base system
    Kerberos bits at all. Then, once it's installed, you can
    "alias ksu='/usr/local/bin/ksu'".

    The Heimdal in the base system isn't complete in any case, so if you
    decide to go whole-hog for Kerberos you'll want one of (or both of) the
    ports installed.

    -T

    --
    "Beauty is not diminished by being shared."
    -- Robert Heinlein
    Tillman Guest
