1) You only have to type one command. With Kerberos, you have to
kinit and type a password first.
With ssh, it's usually easier in the long run to use ssh-add at the
begining of a session than to type the passphrase for your key all the
time. And it's amazing how ssh-add behaves like kinit...
2) It's easier to distribute your public key than to remember Yet
Another Password, and try to get set up on Yet Another
Administrative Domain.
This is true to some extent, but I use the [EMAIL PROTECTED]
kerberos principal to access machines in three different realms. So
it's basically the case that I have to keep track of a kerberos
password, and an rsa key passphrase. Oh, and then there are assorted
passwords for assorted machines at work, assorted admin kerberos
principals, etc.
We're generally happy to add shared keys for additional kerberos
realms if people have additional kerberos realms that they care about.
Though I think the only shared keys we have now that are actually set
up correctly are with GRATUITOUS.ORG and ATHENA.MIT.EDU. CYGNUS.COM
decided they didn't want to set up a shared key with us.
