Andrew Suffield <[EMAIL PROTECTED]> writes: > That sure sounds like kerberos to me. Or at least one of the many > things kerberos can do.
Perhaps. There are some similarities in structure. I'm not terribly familiar with typical kerberos usage, but I thought one of the points were that you can get some of your processes running on a machine, without your clear text password ever entering that machine. If one runs one's kerberos client, the login session, and the kerberos ticket-granting server all on the same machine, then it resembles the Hurd's passwd server, but I don't think that's a common setup. To use the Hurd and kerberos, you'd want a server that hands out an authentication token in response to a kerberos ticket, but noone have written anything like that yet, I think. One other important component in the Hurd is the auth server, which is used for things like validation of auth tokens that client processes claim to have. This is the most central component for Hurd access control, I think. The passwd server is a more peripheral component which is used only by programs such as login, su, and addauth. /Niels -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
