Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Content-Length: 1439
Yes, this is our goal, we already have services in execution on each host, for this reason ksu seems to fit well our needs but the fact it needs the TGTs is the only defect.
I have never heard about this remctl, very interesting, I'll check it immediately. Great!
Regards 


On 21 November 2017 at 22:00, Greg Hudson via RT <rt-comment@krbdev.mit.edu> wrote:
I can look into changing the code's behavior, but not on any specific
time table.  ksu isn't a terribly high priority component for the
project.

From your stated security motivation, it sounds like you are building a
scripted or programmatic system on top of ksu to allow specific
operations to be performed at an escalated privilege level.  I don't
think ksu makes a great building block.  Without knowing the full
parameters of the system I can't say what would make a better building
block, but perhaps remctl (
https://www.eyrie.org/~eagle/software/remctl/ ) would be better.