> > You still haven't given me a single example of what these "problems" > are. Just hand-waving and talk about the "right" way is.
It is rather simple and had been addressed lots of times. I really fail to understand why people do keep re-inventing the wheel. Give your admins crypto cards. Make sure that crypto-card service talks GSS-API. Have a GSS-API service provider Configure all your systems to use GSSAPI interface. So, why are we re-inventing the wheel again? Alex P.S. Dont claim that crypto cards are expensive. If you have 40000 Unix machines, you can AFFORD to give everyone a crypto card.
