On Jun 6, 2007, at 6:57 PM, Thor Lancelot Simon wrote:
> The 'sudo' package can be built to use Kerberos 5 for authentication
> of users. When a user is properly authenticated to sudo, sudo grants

It should be noted that Kerberos is not an authorization system. All
this case does is allow a user, who can already log into your system,
and already can use sudo, to bypass their real password. If the user
can't do things as root, correct or incorrect password isn't buying
them much.

This IS a bug in handling Kerberos authentication, but if the user
can log into the system, the user can use any version of sudo, and if
they're authorized, they already know their password, and can do
things as root.