Date: Wed, 14 Jun 2000 12:33:49 -0400 (EDT) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: Tushar Patel <tpatel@ecpi.com> Cc: Cy.Schubert@uumail.gov.bc.ca, freebsd-security@FreeBSD.ORG Subject: Re: Kerberos for POP, radius, ftp etc Message-ID: <200006141633.MAA03515@khavrinen.lcs.mit.edu> In-Reply-To: <200006141451.JAA08402@ecpi.com> References: <200006141417.e5EEHi431392@cwsys.cwsent.com> <200006141451.JAA08402@ecpi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Wed, 14 Jun 2000 09:51:38 -0500 (CDT), Tushar Patel <tpatel@ecpi.com> said: > So, how do people change the authentication process to kerberos without > involving the end user? Most places use a registration procedure. For example, in the Athena Computing Environment, there are registration servers which have write access to the Kerberos KDC; new users log in using a special account and prove their identity using an out-of-band mechanism. (We don't do anything like that here at LCS.) One of the hacks that used to run here went in the opposite direction: if a user was able to authenticate with Kerberos, their local password would be changed automatically to be the same as their Kerberos password. -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200006141633.MAA03515>