Subject: Re: kerberos in 1.5_ALPHA
To: Greywolf <email@example.com>
From: Jason R Thorpe <firstname.lastname@example.org>
Date: 07/16/2000 10:17:18
On Sun, Jul 16, 2000 at 09:42:28AM -0700, Greywolf wrote:
> That's broken, IMO. If the kerberos method is not included in the
> nsswitch.conf, it ought not be consulted, I think. Or does that "break"

Well, actually, Kerberos doesn't really fit into the nsswitch model.
In the Athena environment (the original user of Kerberos), Hesiod (i.e.
"dns" in nsswitch.conf) is used for the user/group database info, and
Kerberos is used to authenticate the users. Kerberos is also used to
authenticate a person for access to another shared user account, such
as root (this is how su(1) works w/ Kerberos).

They're really two disjoint things that unfortunately happened to be crammed
together back when the Unix password database format was invented.
-- Jason R. Thorpe <email@example.com>