Rudy,
Right. I agree. It is desirable to have a "single signon policy".
Unfortunately, we have learned from experience that using AFS
authentication for POP account users is impractical.
You only have to consider the amount of processing involved using:
a) AFS (connect to kaserver etc).
b) a local account (compare encrypted password in local file).
When you have some large number of users logging in very frequently
to your popserver, the difference between a) and b) will be apparent.
Another other issue which worries me about POP clients is their tendency to
store user's POP password. How secure is this stored plaintext password?
I wouldn't want my AFS password stored in plaintext.
--
cheers
paul http://acm.org/~mpb
"Good judgement comes from experience. Experience comes from bad judgement."
Rudy Maceyko <[EMAIL PROTECTED]> wrote:
>
>Excerpts from rmbb.info-afs: 27-Jan-98 Re: qualcomm popper and AFS? Paul
>[EMAIL PROTECTED] (1103*)
>
>> Our current solution is not to use AFS authentication for POP users.
>> Instead, local authentication is used.
>
Rudy> For a large site with a single signon (or password) policy, that
Rudy> wouldn't be very desirable... Not for us, at least...
