Zaar Hai wrote:
> On Fri, Aug 27, 2010 at 7:06 PM, Min Wang <ser.basis@gmail.com> wrote:
>> user1 can log in as local root on Linux PC1. Even though, as root, user1 cannot rm /home/user2, he can su - user2 on Linux PC1 and then rm something.
>
> You need NFS4 with gssapi. This way, to access someone's file you need the appropriate (his) credentials from the KDC (which will be hosted near your LDAP server).

Hi, thanks. I'm totally a newbie to this nfs4/gssapi/kerberos.

(1) Does this approach prevent user1 -> root (su ->) user2?
(2) Or do we need to change to use Kerberos instead of LDAP/PAM?
(3) And in the Kerberized environment, can the local root su to networked user2?

Kind regards,
Min Wang