Subject: Re: Centralized User and Password Management
To: NetBSD Users <>
From: Dick Davies <>
List: netbsd-users
Date: 12/09/2004 09:56:59
* John Nemeth <> [1229 09:29]:

> } of the powerful features of Kerberos is ticket forwarding. It requires
> } the client application understand Kerberos (or GSSAPI) well enough to
> } actually forward the cached credentials rather than a username &
>      Hmm, yes I see the problem.  Kerberos doesn't really fit into the
> traditional UNIX way of doing things.  It seems that we need a new
> protocol independent and method independent client/server
> authentication protocol, where a server can tell a client what it wants
> (i.e. prompt user for username and password, send Kerberos ticket,
> etc.).

SASL is supposed to address these issues - unfortunately It's horribly

common sense is what tells you that the world is flat. - Principia Discordia
Rasputin :: Jack of All Trades - Master of Nuns