Subject: Re: pseudo-shadowing of passwords with ypserv?
To: Ken Hornstein <firstname.lastname@example.org>
From: Johan Danielsson <email@example.com>
Date: 10/12/1998 14:37:37
Ken Hornstein <firstname.lastname@example.org> writes:
> We're a big Kerberos/AFS shop, but we still use YP.
We're just pulling a (periodically updated) master password file from
AFS. This gives you a delay before all passwd-files are updated, but
that isn't a big problem as I see it - it's a lot better than having
to fight with YP or Hesiod.
> I don't quite understand what people mean by "users don't understand
> Kerberos". Sure, they don't, but they don't understand 95% of the
> things they use, and that generally doesn't stop them :-) For
> example, they don't understand YP, but they use it just fine.
I agree. Kerberos has a bad reputation of beeing hard to understand,
and impossible to install, but the former isn't a problem as long as
there is *someone* that understands how it works (which isn't too
difficult), and the latter is a lot better nowadays (I can understand
that people was a bit frustrated with the original MIT Kerberos 4
> It's a big nasty mess, and I've been staying away from it.
Hear! Hear! :-)