From: Chris Telting
Date: Fri, 01 Apr 2011 17:20:51 -0700
To: freebsd-questions@freebsd.org
Subject: Kerberos and su to root
Message-ID: <4D966BE3.50807@telting.org>

I have multiple systems and jails at my home. I would very much like to implement a single sign-on strategy with Kerberos. I think it's safer than having private keys on every single box. I can easily do this for ssh user logins to multiple boxes. But I like to sign in as a user and then su to root when I get there. (Forget about sudo; I am administering these boxes and don't want to type sudo for every single command. It's not a user machine.) From what I understand of Kerberos, I would need to change identity and type a password every time I ksu, which is what I'm trying to avoid.

Am I right that it is impossible to maintain multiple simultaneous credentials and get the right one to automatically be used?