> I can circumvent the password rules in kpwvalid.
That's how it is. Since the authentication server never sees your
password in the clear but only after stringtokey translation, it has no
chance to enforce any rules on the clear-text password, and all such
checking can only be done on the client. Since the AFS security concept
assumes the user has full control over the client, the kpwvalid
mechanism can only be viewed as an aid for the user, but not as
something that can really be enforced.
--
Michael Niksch TEL: +41-1-7248-913
IBM Zurich Research Laboratory FAX: +41-1-7240904
Saeumerstrasse 4 [EMAIL PROTECTED] (NIK at ZURICH)
CH-8803 Rueschlikon / Switzerland http://www.zurich.ibm.com/~nik/
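
The point of the reply above, as an added sketch that is not part of the original message and is not AFS code: the server's password-change handler receives only the derived key, so a rule checked in the client has no counterpart on the server. PBKDF2 stands in here for the real AFS string-to-key routine (an assumption), and `validate_password`, `AuthServer`, both client functions and the cell name are hypothetical.

```python
import hashlib

CELL = "example.org"  # constructed cell name, used as the salt

def string_to_key(password: str, cell: str = CELL) -> bytes:
    """Stand-in for string-to-key translation (assumption: PBKDF2, not the AFS routine)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), cell.encode(), 1000, dklen=8)

def validate_password(password: str) -> bool:
    """Hypothetical client-side rule in the role of kpwvalid: 8+ characters and a digit."""
    return len(password) >= 8 and any(c.isdigit() for c in password)

class AuthServer:
    """Toy authentication server: it stores and receives keys, never clear text."""

    def __init__(self) -> None:
        self.keys: dict[str, bytes] = {}

    def set_key(self, user: str, key: bytes) -> bool:
        # All the server can inspect is the key itself. Its length and form
        # are the same whatever password it was derived from.
        if len(key) != 8:
            return False
        self.keys[user] = key
        return True

def compliant_client(server: AuthServer, user: str, new_password: str) -> bool:
    """Client that runs the validator before deriving and sending the key."""
    if not validate_password(new_password):
        return False
    return server.set_key(user, string_to_key(new_password))

def modified_client(server: AuthServer, user: str, new_password: str) -> bool:
    """Client without the validator call; the request it sends has the same shape."""
    return server.set_key(user, string_to_key(new_password))

if __name__ == "__main__":
    srv = AuthServer()
    print("compliant client, 'abc':", compliant_client(srv, "alice", "abc"))
    print("modified client,  'abc':", modified_client(srv, "alice", "abc"))
    print("key stored by server:   ", srv.keys["alice"].hex())
```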