Subject: Re: PAM and su -K
To: Roland Dowdeswell <elric@imrryr.org>
From: Jason Thorpe <thorpej@shagadelic.org>
List: tech-userlevel
Date: 01/16/2005 11:22:28


On Jan 16, 2005, at 10:55 AM, Roland Dowdeswell wrote:

> Presumably because if the KDC are unavailable it will take a long
> time for the libraries to time out and try local passwords.  It is
> less necessary for things like Hesiod/NIS because you can organise
> /etc/nsswitch.conf to search files first for critical accounts.

Define "a long time".  I have seen fairly short timeouts when the KDC 
is unavailable for applications like e.g. sudo.

In any case, I don't really think the argument of "in case Kerberos is 
down" really holds water.  What if it's Radius that you're using?  
Should we add a special flag for that, too?

         -- Jason R. Thorpe <thorpej@shagadelic.org>

