Thanks Russ. It's very clear. Regards,
Eric On Sat, Jan 8, 2011 at 2:11 PM, Russ Allbery <r...@stanford.edu> wrote: > Lee Eric <openlinuxsou...@gmail.com> writes: > >> Thanks Russ, that's very clear. BTW, I think client users shall use >> ksu under local machine, not remote machines. Because I notice that >> ksu will prompt me that it's unsafe if I type Kerberos password under >> insecure connection. > > Yeah, ideally in Kerberos you never enter your password into any remote > system, but always authenticate locally and then use Kerberos to > authenticate to remote systems. We're moving in that way (by allowing > root logins only via GSSAPI), but the tradeoff is that you have to allow > remote direct root logins, which makes some a bit uncomfortable. > > -- > Russ Allbery (r...@stanford.edu) <http://www.eyrie.org/~eagle/> > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
