Jan Harkes <jaharkes_at_cs.cmu.edu> writes:
>However, it is interesting that the auth2.pw file wouldn't have to
>contain xor-ed cleartext passwords anymore. We currently need them
>because of the shared secret authentication/key exchange.

Interesting...

You know, if there's a cronjob which refreshes root's security token
once a day, wouldn't it make sense to have it also refresh every other
user's token?  After all, any process with a given user ID should have
access to that user's files, and no such process would exist unless it
had already been authenticated with the normal Unix security system.

Maybe the real problem is that two completely different authentication
schemes are trying to exist side by side.  Would switching to Kerberos
fix this problem, or only make it worse?

Pete Gonzalez