k5login & root - Kerberos

This is a discussion on k5login & root - Kerberos ; It looks as if root needs to be a principal in the realm, before using a k5login file to allow users to become root. Is this correct? Assuming that it is, I want root's password to be managed locally (i.e ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: k5login & root

  1. k5login & root

    It looks as if root needs to be a principal in the
    realm, before using a k5login file to allow users to
    become root. Is this correct? Assuming that it is, I
    want root's password to be managed locally (i.e not
    via kerberos), is there a way to do this? I would
    guess it might involve a keytab?

    thanks in advance,

    Steven


    __________________________________________________ __________________________________
    Be a better friend, newshound, and
    know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i...Dypao8Wcj9tAcJ


  2. Re: k5login & root

    >>>>> "SM" == Steven Miller writes:

    SM> It looks as if root needs to be a principal in the realm, before
    SM> using a k5login file to allow users to become root. Is this
    SM> correct?

    No -- root is a Unix account to which you are giving certain principals
    access, but placing those principals' names in ~root/.5login. There's no
    need for a principal corresponding to the root account.

    SM> Assuming that it is, I want root's password to be managed
    SM> locally (i.e not via kerberos), is there a way to do this? I would
    SM> guess it might involve a keytab?

    SM> thanks in advance,

    SM> Steven


    SM> __________________________________________________ __________________________________
    SM> Be a better friend, newshound, and know-it-all with Yahoo! Mobile.
    SM> Try it now.
    SM> http://mobile.yahoo.com/;_ylt=Ahu06i...Dypao8Wcj9tAcJ


    --
    Richard Silverman
    res@qoxp.net


  3. Re: k5login & root

    There might be one exception. If I remember right to login onto
    OpenSolaris/Solaris 10 with a non kerberised client (e.g. console) using
    pam_krb5 requires a root principal to login as root or at least have a dummy
    root principal key in the keytab to pass to the next pam module.

    Markus

    "Richard E. Silverman" wrote in message
    news:m2mypkv6dt.fsf@darwin.oankali.net...
    >>>>>> "SM" == Steven Miller writes:

    >
    > SM> It looks as if root needs to be a principal in the realm, before
    > SM> using a k5login file to allow users to become root. Is this
    > SM> correct?
    >
    > No -- root is a Unix account to which you are giving certain principals
    > access, but placing those principals' names in ~root/.5login. There's no
    > need for a principal corresponding to the root account.
    >
    > SM> Assuming that it is, I want root's password to be managed
    > SM> locally (i.e not via kerberos), is there a way to do this? I would
    > SM> guess it might involve a keytab?
    >
    > SM> thanks in advance,
    >
    > SM> Steven
    >
    >
    > SM>
    > __________________________________________________ __________________________________
    > SM> Be a better friend, newshound, and know-it-all with Yahoo! Mobile.
    > SM> Try it now.
    > SM> http://mobile.yahoo.com/;_ylt=Ahu06i...Dypao8Wcj9tAcJ
    >
    >
    > --
    > Richard Silverman
    > res@qoxp.net
    >
    > ________________________________________________
    > Kerberos mailing list Kerberos@mit.edu
    > https://mailman.mit.edu/mailman/listinfo/kerberos
    >




+ Reply to Thread