We have users internally that want to run sometimes as a "build" user we
have. In our pre-Kerberos we'd just add sudo's to their machines. We can
still do this, however they obviously don't get a tgt for this build
user, so they can't access any kerberized apps as this build user,
without typing in the password.

Is there any method for a principle to be allowed to obtain another
principle's tgt (given a valid tgt for the first principle)? A kind of
sudo for tgt's (Without just leaving around keytabs).


Colin Simpson
Network Manager
Concept Systems Ltd

This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are not the original recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you received this email in error, please immediately notify the sender and delete the original.

Kerberos mailing list Kerberos@mit.edu