Subject: Re: Kerberos V and xdm
To: Mark Davies <mark@MCS.VUW.AC.NZ>
From: Miroslav Ruda <ruda@ics.muni.cz>
List: netbsd-users
Date: 09/27/2001 10:44:06
Mark Davies wrote:
> > In operation, the program will first try to authenticate a user against
> > the Unix password database.  Failing that, it tries Kerberos, and, with
> > success there, will issue tickets.
> 
> I'm curious why the tests are in that order (the heimdal telnetd also does 
> these tests in that order).  If you have a user that has the same password in 
> the local unix passwd file and in kerberos they don't get tickets issued.

It seems very reasonable to me, at least to avoid network problems (you can 
login using local password without timeout/other problems), to avoid test
for accounts which should not be tested agains Kerberos (root, ...).

             Mirek Ruda