Dave <[email protected]> writes:

> We've been running Kerberos for a number of years. We've always run all
> the processes (including kprop, kadmin, etc) as root. A new group has
> taken over running these machines and don't want to give the Kerberos
> support people root access. I've looked around but I can't find out if
> Kerberos can run as a non-root user.

No reason that I can see provided that you find a way for the KDC to bind to port 88 before dropping privileges. But I don't think the code has any built-in way of doing that other than starting the KDC as root.

Note, of course, that if you generally use Kerberos for authentication for your systems, your operations group is being ridiculous here. Any Kerberos KDC administrator could just change the password of one of the operations people and then gain root that way.

--
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
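The bind-then-drop pattern mentioned in the reply above, as an added example that is not part of the original thread and is not code from the Kerberos distribution. The function names `bind_udp` and `drop_privileges` and the uid/gid 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket on all addresses; returns the fd or -1.
 * (A KDC also listens on TCP 88; UDP only here for brevity.) */
int bind_udp(uint16_t port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET,
                              .sin_port = htons(port),
                              .sin_addr.s_addr = htonl(INADDR_ANY) };
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently switch from root to uid/gid. Order matters: supplementary
 * groups and the gid must be changed while the process is still root.
 * Returns 0 only if the drop succeeded and root cannot be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                    /* target must be unprivileged */
    if (geteuid() != 0)
        return -1;                    /* not root: caller decides what to do */
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return -1;                    /* caller should exit, state is partial */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;                    /* root came back: drop did not stick */
    return 0;
}

int main(void)
{
    int fd = bind_udp(88);            /* the only step that needs root */
    if (fd < 0) { perror("bind"); return 1; }
    if (drop_privileges(65534, 65534) < 0) {   /* constructed uid/gid */
        fprintf(stderr, "could not drop privileges\n");
        return 1;
    }
    printf("port 88 bound on fd %d, now uid %d\n", fd, (int)getuid());
    return 0;                         /* request loop would run here */
}
```

The socket stays usable after the uid change because the privilege check happens at `bind()` time, not on later reads and writes.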
