[EMAIL PROTECTED] wrote:
> 3. For this protocol to be convenient enough for its typical use case (one
> client, multiple servers), there must be a *single* authentication token
> authenticating the client to all servers. I.e., the admin should not be forced
> to supply a different password for each server. More generally, the amount of
> authentication resources (passwords, keys, certificates, whatever) per
> machine must be kept to a bare minimum.

I don't think this is a wise way to go. The client can hold multiple tokens encrypted by a master token that never leaves the client. Perhaps a ticket mechanism, like Kerberos, would be the way to go.

-- Bruce

--
http://linuxfromscratch.org/mailman/listinfo/alfs-discuss
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
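
The arrangement suggested in the reply above (per-server tokens stored encrypted under a master secret that stays on the client), as an added example that is not part of the original message or the project's code. Function names, hostnames and token values are constructed, and the HMAC-based cipher is a standard-library stand-in (an assumption made so the block runs offline) for a vetted AEAD such as AES-GCM.

```python
import hashlib, hmac, json, os

# Constructed sample data: hostnames and token values are made up.
SAMPLE_TOKENS = {"build01.example": "tok-4f1c", "build02.example": "tok-9a7e"}

def _subkeys(master: str, salt: bytes):
    """Stretch the master passphrase, then split into encryption and MAC keys."""
    root = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 200_000)
    return (hmac.new(root, b"enc", hashlib.sha256).digest(),
            hmac.new(root, b"mac", hashlib.sha256).digest())

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stdlib stand-in for a vetted AEAD cipher."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(master: str, tokens: dict) -> bytes:
    """Return salt || nonce || ciphertext || tag for the whole token table."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _subkeys(master, salt)
    plain = json.dumps(tokens).encode()
    cipher = bytes(a ^ b for a, b in zip(plain, _keystream(enc_key, nonce, len(plain))))
    body = salt + nonce + cipher
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(master: str, blob: bytes) -> dict:
    """Verify the tag before decrypting; a wrong master or any edit fails here."""
    if len(blob) < 64:
        raise ValueError("vault too short")
    body, tag = blob[:-32], blob[-32:]
    salt, nonce, cipher = body[:16], body[16:32], body[32:]
    enc_key, mac_key = _subkeys(master, salt)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master passphrase or modified vault")
    plain = bytes(a ^ b for a, b in zip(cipher, _keystream(enc_key, nonce, len(cipher))))
    return json.loads(plain)

def token_for(master: str, blob: bytes, server: str) -> str:
    """Only this one per-server token is ever sent; the master stays local."""
    return unseal(master, blob)[server]

if __name__ == "__main__":
    vault = seal("constructed master passphrase", SAMPLE_TOKENS)
    print(token_for("constructed master passphrase", vault, "build02.example"))
```

The admin types one passphrase, yet a compromised server learns only its own token, which can be revoked without touching the others.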
