become_method: Add support for ksu #17143
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
ISSUE TYPE
COMPONENT NAME
playbook/play_context.py
ANSIBLE VERSION
git devel commit 677a34a
SUMMARY
On kerberized systems using ksu will simplify privilege escalation.
The requirements for ksu to work is that the calling user have
a valid kerberos ticket, that the remote system supports GSSAPI
authentication where the kerberos ticket is forwarded and that
the target user have a .k5login file with the kerberos principal
of the user calling ksu listed. With this in place, no password
will be needed.