Zaar Hai wrote:
> On Fri, Aug 27, 2010 at 7:06 PM, Min Wang <ser.ba...@gmail.com> wrote:
>> user1 can log in as local root on Linux PC1,
>> Even though as root, user1 can not rm /home/user2,
>> but he can su - user2 on Linux PC1 then rm something.
>
> You need NFS4 with gssapi. This way to access someone's file you need
> an appropriate (his) credentials from KDC (which will be hosted near
> by your LDAP server).

Hi,

Thanks. I'm totally a newbie to this nfs4/gssapi/kerberos.

(1) Does this approach prevent user1 -> root (su ->) user2?
(2) Or do we need to change to use Kerberos instead of LDAP/PAM?
(3) And in the Kerberized environment, can the local root su to
networked user2?

kind regards
Min Wang