Subject: Re: Centralized User and Password Management
To: NetBSD Users <netbsd-users@netbsd.org>
From: Dick Davies <rasputnik@hellooperator.net>
List: netbsd-users
Date: 12/09/2004 09:56:59
* John Nemeth <jnemeth@victoria.tc.ca> [1229 09:29]:
> } of the powerful features of Kerberos is ticket forwarding. It requires
> } the client application understand Kerberos (or GSSAPI) well enough to
> } actually forward the cached credentials rather than a username &
>
> Hmm, yes I see the problem. Kerberos doesn't really fit into the
> traditional UNIX way of doing things. It seems that we need a new
> protocol independent and method independent client/server
> authentication protocol, where a server can tell a client what it wants
> (i.e. prompt user for username and password, send Kerberos ticket,
> etc.).
SASL is supposed to address these issues - unfortunately It's horribly
complex.
--
common sense is what tells you that the world is flat. - Principia Discordia
Rasputin :: Jack of All Trades - Master of Nuns