Subject: Re: Centralized User and Password Management
To: NetBSD Users <netbsd-users@netbsd.org>
From: Dick Davies <rasputnik@hellooperator.net>
List: netbsd-users
Date: 12/09/2004 09:56:59

* John Nemeth <jnemeth@victoria.tc.ca> [1229 09:29]:

> } of the powerful features of Kerberos is ticket forwarding. It requires
> } the client application understand Kerberos (or GSSAPI) well enough to
> } actually forward the cached credentials rather than a username &
> 
>      Hmm, yes I see the problem.  Kerberos doesn't really fit into the
> traditional UNIX way of doing things.  It seems that we need a new
> protocol independent and method independent client/server
> authentication protocol, where a server can tell a client what it wants
> (i.e. prompt user for username and password, send Kerberos ticket,
> etc.).

SASL is supposed to address these issues - unfortunately it's horribly
complex.


-- 
common sense is what tells you that the world is flat. - Principia Discordia
Rasputin :: Jack of All Trades - Master of Nuns