>For AFS/NFS there is a kerberized NFS server which does token forwarding to
>the AFS client on the same system, but I think one still has to log in to
>the NFS server to get such tokens (perhaps with the kerberized NFS client,
>this would go away; it's dead slow though).

Hrm... Well what about approaching it from the other direction; could the CODA security model replace the Unix/Linux /etc/passwd authentication, i.e. so a valid CODA login counts as valid authentication on the local system? Could this be done using PAM? (This would require a notion of multiple CODA sessions from the same user on the same host, but that shouldn't be too difficult.)

That, combined with the elimination of this strange 25 hour expiration rule, would be quite a workable system. BTW what exactly is the justification for the expirations? It seems to decrease security (by requiring daemons which store the passwords in cleartext) rather than increase it.

Pete Gonzalez

Received on 1999-07-24 23:38:24