[5513] in Kerberos
Re: Kerberos and adduser
daemon@ATHENA.MIT.EDU (warlord@MIT.EDU)
Tue Jul 18 20:29:13 1995
Date: Tue, 18 Jul 1995 20:22:40 -0400
From: warlord@MIT.EDU
To: rbowns@eagle.wbm.ca (Rob Bowns)
Cc: kerberos@MIT.EDU
In-Reply-To: "[5512] in Kerberos"
> Is it possible to get my "adduser" command on my BSD "client" to
> automatically populate the Kerberos db on the "server", without having
> to manually do a kdb_edit on that server machine?
This would require you to have the equivalent of a registration
daemon. There are two ways to do this. The first is to have adduser
call kadmin with the appropriate arguments to add a new key to the
database (this requires the person calling adduser to have the
appropriate access to add a new key to the database).
The second option is to create a special key that the adduser program
has hardcoded into it, and then adduser makes the kadmin calls to add
the new user.
I'd recommend option 1, but that requires you to run adduser on a
trusted console (rather than over the net). You might want a
combination of kerberos and yp or hesiod to distribute /etc/passwd
information...
I hope this helps.
-derek
