Harald Barth wrote:
>> Apologize for the short answer but I was in a hurry. There is no error
>> message, ksu only prints "root's password:". Even it doesn't contact the
>> KDC.
>
> It behaves that way if you don't have a ~root/.k5login. Because in that
> case there is no idea to contact the KDC if no principals are allowed
> to ksu -> it prompts for the local root password.
>
>> I've added my principal into /root/.k5login and set set uid bit on ksu
>> binary. Is it all?
>
> .k5login owner and permissions? Confusion with /.k5login and /root/.k5login?
>
>> wheel?
>
>
>     /* if su:ing to root, check membership of group wheel or root; if
>        that group doesn't exist, or is empty, allow anyone to su
>        root */
>     if(su->pw_uid == 0) {
> #ifndef ROOT_GROUP
> #define ROOT_GROUP "wheel"
> #endif
>         int gs = group_member_p(ROOT_GROUP, login->pw_name);
>         if(gs == GROUP_NOT_MEMBER) {
>             syslog (LOG_ERR | LOG_AUTH, "%s to %s: not in group %s",
>                     login->pw_name, su->pw_name, ROOT_GROUP);
>             return 1;
>         }
>         return 0;
>     }
>
> So if your group stuff is different from the expected, you get something in syslog.

Syslog says nothing:-( I've added group wheel, but ksu still wants root's
password. I'm using heimdal 0.7.2 from Ubuntu Edgy Eft repository.

Michal
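The group check quoted in the message refuses, and writes to syslog, only in the not-a-member case; per its comment, a missing or empty group lets anyone through, which leaves nothing in syslog. The stand-alone program below is an added example, not part of the thread and not Heimdal's code: it classifies a group entry into those cases so the state on a given host can be inspected. The state names other than GROUP_NOT_MEMBER, the helper names, and the default user name "michal" are assumptions made for the illustration.

```c
#include <grp.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical state names; only GROUP_NOT_MEMBER appears in the quoted code. */
enum group_state { GROUP_MISSING, GROUP_EMPTY, GROUP_MEMBER, GROUP_NOT_MEMBER };

/* Classify a group entry as the quoted comment describes. Only the explicit
 * member list (gr_mem) is examined in this example, not primary gids. */
static enum group_state classify_group(const struct group *gr, const char *user)
{
    if (gr == NULL)
        return GROUP_MISSING;               /* no such group */
    if (gr->gr_mem == NULL || gr->gr_mem[0] == NULL)
        return GROUP_EMPTY;                 /* group exists, lists nobody */
    for (char **m = gr->gr_mem; *m != NULL; m++)
        if (strcmp(*m, user) == 0)
            return GROUP_MEMBER;
    return GROUP_NOT_MEMBER;                /* populated, user not listed */
}

/* Same decision as the quoted snippet: 1 = refuse (and log), 0 = continue. */
static int root_group_refuses(enum group_state gs)
{
    return gs == GROUP_NOT_MEMBER;
}

static const char *state_name(enum group_state gs)
{
    static const char *const names[] = {
        "missing", "empty", "member", "not a member"
    };
    return names[gs];
}

int main(int argc, char **argv)
{
    /* Defaults are placeholders; pass the real login name and group. */
    const char *user  = argc > 1 ? argv[1] : "michal";
    const char *group = argc > 2 ? argv[2] : "wheel";
    enum group_state gs = classify_group(getgrnam(group), user);

    printf("%s in %s: %s -> group check %s\n", user, group, state_name(gs),
           root_group_refuses(gs) ? "refuses (syslog entry expected)"
                                  : "passes (no syslog entry)");
    return root_group_refuses(gs);
}
```

When this reports "missing" or "empty", the group check is not what is sending ksu to the password prompt, so the .k5login questions raised earlier in the thread remain the place to look.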