Excerpts from internet.info-afs: 17-Aug-94 Re: Getting started with AFS
by "Michael Niksch"@zurich.
>When we moved from an NFS to an AFS environment, we created random
>initial AFS passwords for our users, and made them readable for the
>user. We had a modified login procedure that captured the user's
>current password, read the user's initial AFS password, and used
>kpasswd to set the user's password to whatever the user was using at
>that time. A modified passwd program made sure to keep both passwords
>in sync after that. If you could wait for a while (whatever your
>password expiration time is), you could do everything from a modified
>passwd command and you wouldn't even have to change your login
>procedure.
Hmmm. I found a program called "register" in with one of the BSD
distributions which would, when a machine was set up to allow
registration, allow anyone logged into the machine as some user to
register a Kerberos principal as that username, unless one already
existed. I never did get around to hacking passwd to synchronize
password changes. Has anyone done something more elegant, something
along the lines of a self registration program which would not require
an existing password? I'm not sure of the feasibility of it, I haven't
actually looked into it.
-D
