[148] in Info-AFS_Redistribution
Re: authentication database vs. /etc/passwd ...
daemon@ATHENA.MIT.EDU (cball@bu-it.bu.edu)
Mon Jun 17 11:38:10 1991
To: Marybeth_Schultz@transarc.com
Cc: Info-AFS@transarc.com, cball@bu-it.bu.edu
In-Reply-To: Your message of "Fri, 14 Jun 91 08:12:19 EDT."
Date: Mon, 17 Jun 91 08:45:48 -0400
From: cball@bu-it.bu.edu
It is clear that it is not feasible to decrypt the /etc/passwd entries.
However, while I can't speak for anyone else, what I would like to have
is a mechanism to give a kerberos account that will be initialized with
the user's unix password the next time they login.
Login has the password in clear text so it should be able to do this as
long as it can detect that the kerberos account is in some
pre-initialization state. A better transition mechanism with minimal user
inconvenience seems valuable. It would probably make sense to have login
spit out a message a) indicating that the kerberos password has been
initialized and b) recommending use of kpasswd to change it...
-Charles Ball
