Granting su rights to users? Using PAM and Kerberos...

[Daniel B. Thurman]

>From: fedora-list-bounces at redhat.com
>[mailto:fedora-list-bounces at redhat.com]On Behalf Of Dan
>Sent: Monday, November 21, 2005 10:21 PM
>To: For users of Fedora Core releases
>Subject: Re: Granting su rights to users? Using PAM and Kerberos...
>
>
>On Tue, November 22, 2005 7:12 am, Daniel B. Thurman wrote:
>>
>> Hmm..  I enabled Kerberos and setup pam files to use kerberos
>> authenications, and I also added root principal (root at REALM) 
>but I am still
>> being prevented as a normal user to use 'su'
>>
>
>I am running FC4 with Kerberos and regularly use su (aswell as ksu).
>
>> I have been all over google and tried to find a solution but there
>> was none to be found.  I did see for BSD that you can use 
>the kdb_edit
>> command to add per user , root permissions but I think that is for
>> Kerberos IV only.
>>
>
>Do your system logs show anything? In particular /var/log/messages and
>/var/log/secure.
>
>>
>> I am beginning to wonder if kerberos is even worth it anymore or
>> if it is being replaced with something else like the 
>Directory Service? No
>> one seems to be talking much about kerberos in this 
>newsgroup so it seems.
>>
>
>Kerberos is worth it IMO, as it is the only solution to provide single
>sign on under Linux or UNIX systems.
>
>>
>> Anyway - can someone please shed some light here so that
>> I can at least su root as a normal user?
>>
>>
>> Kind regards,
>> Dan Thurman
>>
>>
>
>Cheers,
>
>Dan
>

Thanks for responding, Dan.  A respondent asked me to see
if perhaps /bin/su was in mode 4755 and it wasn't so that
was the reason for the denial of su root by a normal user.

I guess my /bin and /sbin and who knows where else has improper
chmod/chown settings.  Need to figure out how to restore these.

Kind regards,
Dan

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.13.5/177 - Release Date: 11/21/2005