[7120] in Kerberos
Kerberos Principles
daemon@ATHENA.MIT.EDU (Tom Ryan)
Thu Apr 18 17:14:16 1996
To: kerberos@MIT.EDU
Date: 18 Apr 1996 10:57:54 -0000
From: tomryan@camlaw.rutgers.edu (Tom Ryan)
I currently have kerberos 5 beta 5 from MIT and Cygnus on my system.
Rutgers has chosen to go with principles that do not match our usernames.
our systems use shadow and our passwd files look like this..
username:##ALMOSTPRINCIPLE:uid:gid etc etc...
Almostprinciple because then we have to add a + in front of it and back of
it..
I thought that cygnus would support shadow but I haven't been able to get
it to work on my system.
Is there a way that I can get cygnus (or MIT) to search the file for the
correct principe.. (maybe in auth.h or something?? is this easily done??)
What I would like to do would be to have all of the logins check the
password file and if ## exists in it, try to kerberos authenticate them on
that first..
i.e. if i telnet in, or sit at the console, and type in username,
login.krb would check my username against /etc/passwd, if ## existed and I
supplied the correct password for +ALMOSTPRINCIPLE+ it would let me in, if
## didn't exist, it would check against the shadow file..
I would like this to continue across all password checking programs (i.e.
ftp, xdm, etc etc)
Any pointers ideas?
Thanx..
tom
