(Illustration by Gaich Muramatsu)
Thanks for the quick reply. > I was thinking about writing a PAM module to issue your tokens on > login, but I'm completely new to Coda and still setting up our server > so I have no idea of the feasibility, etc. I can let the list know > as i progress, but OOC, why would you want it as your primary > authentification (sp?) method, as opposed to using an existing > method -- say a /etc/passwd or LDAP -- and using PAM to > keep the passwords between Coda and the primary Auth method > in sync, as well as to issue tokens on login...? I would very much like to have only one authentication method. I have not yet configured PAM, but I guess from the little I know that it is possible to have a configuration that authenticates the user using /etc/passwd first, and if that fails, if falls back to kerberos. In my case, I would like to have Coda instead of kerberos, that's all. I think it would be too much of a hassle if I set up another secure authentication method just because it is easier to handle in PAM. /etc/passwd is not an option, as it is local to each machine, NIS is insecure, and I don't know what LDAP is. I think that if would be far more straightforward for an experienced PAM user/developer to write a PAM module than setting up kerberos or similar. I don't really know PAM, so can you please tell me how the mapping of user names to UIDs and vice versa is done if you use kerberos as the primary auth method? Is there a better method than using NIS for this? In Coda, each user has a UID (as opposed to kerberos), so I see a potential advantage here in having a Coda module that also does the mapping rather than having Coda, kerberos AND NIS at the same time (this would not only be cumbersome, it would also take away the huge advantage of multiple servers in Coda which can do authentication independently from each other, unlike kerberos, thus making the whole cluster "hot-pluggable"). Thanks, Andras =========================================================================== Major Andras e-mail: 1. andras_at_sticks.phy.bris.ac.uk 2. andras_at_physcip.uni-stuttgart.de www: http://www.physcip.uni-stuttgart.de/andras ===========================================================================Received on 1999-11-11 06:05:44