> Using Kerberos means that the users must alter the way they do their > authentication. Depends what you mean. Yes, there are differences, yes I've had (serious) problems, but in MIT Kerberos's defence, it's own /bin/login DOES know about running attach and hence aklog, to get an AFS token with no further intervention on the user's part. Users shouldn't perceive a difference. They'll have to use MIT kpasswd, but you as the sysman will set things up so that this won't be obvious to them. You'll have to do a hack to get a new PAG (this is possible even if you cannot re-compile login; we use such a kludge and it works fine). Peter Lister [EMAIL PROTECTED] Computer Centre, Cranfield Institute of Technology, Voice: +44 234 750111 ext 2828 Cranfield, Bedfordshire MK43 0AL England Fax: +44 234 750875
