Keep Kerberos ticket across sudo invocation

http://unix.stackexchange.com – On a regular Linux machine, when I use sudo -s as a normal user, I become root but HOME still points to ~user, so every admin has his own environment etc. (this is without env_reset or always_set_home set). On a system where the home directories live on an AFS file system, this also works, if the environment variable KRB5CCNAME is preserved, as root can read this file in /tmp. But if I use sudo on such a system to change to a local non-root user (e.g. the dedicated user for a certain service), the new user cannot access the Kerberos cache (as it is owned by the old user and has mode 600). But i (HowTos)