RX Kerberos 5 security class requirements of Kerberos library
jaltman at secure-endpoints.com
Wed Jan 3 12:46:40 EST 2007
Nicolas Williams wrote:
>> This way the function can only be used for localauth and cannot be used
>> to specify an
>> arbitrary client name to the service whose key is in the service keytab.
> Sorry, I find this lame. And I still have yet to hear what is so wrong
> with using OS facilities for local auth.
Local auth does not necessarily mean single machine. Local auth can
be used in the AFS case whenever the user executing the commands has
the necessary read access to the keytab files.
More information about the krbdev