Re: 2 questions...



On Mon, 2005-07-25 at 20:27 -0400, Derek Atkins wrote:
> Colin Walters <walters verbum org> writes:
> 
> > Seriously, what's the difference to the end user? 
> 
> Having to type their password first?

Not necessarily:

> Having to restart gaim or psi or other apps because there's a
> race condition between login and network startup?
> 
> > As far as technical implementation I don't see using cached credentials
> > to be less "straightforward" than trying to do network configuration
> > before login.
> 
> Caching credentials is a HARD problem.  How is PAM supposed to 
> know my kerberos password, unless it stores it somewhere?  I don't
> want PAM to store my _kerberos_ password.

Why not?  If you wanted to avoid the second password prompt, there's no
reason for example we couldn't have PAM pass the password on to your
user session, and then krb5-auth-dialog would try that first before
prompting you.

> Meanwhile, storing network passwords in a place that only root/NM
> can get to it? 

We might need to end up doing this for the server case, but for your
laptop case I think requiring end users to do system administrator type
things just to get their laptop working is wrong.  Any time an end user
needs the root password we have failed.



