[1553] in Kerberos
Couple Questions
daemon@ATHENA.MIT.EDU (Karl Morgan)
Wed Sep 11 03:16:23 1991
Date: 10 Sep 91 20:18:26 GMT
From: exuksm@exu.ericsson.se (Karl Morgan)
To: kerberos@shelby.Stanford.EDU
A couple questions concerning kerberos V4/V5
1) Does kerberos provide a mechanism for denying access to
a particular machine. For example, we do not allow general
users to log into a couple systems. This is accomplished by
placing the following line as the last entry in the
/etc/passwd file. (we are running SunOS NIS)
+:No:0:0:::/usr/bin/permdeny
This has the affect of allowing priviledged users to see
the correct file owners/gids ...etc (not just numbers)
while denying login to the system.
But with the kerberos login all you apparently need is a
valid kerberos id and even though you might be prompted
for a password you will be logged into the system. Is there
something I am overlooking? or is this how it works?
2) Approximately when is krb5 going to be released? Is there
going to be another beta release? We are currently trying
to decide whether to proceed with the implementation of
krb4, or wait for krb5.
Karl Morgan
Ericcson Network Systems
Richardson Tx 75081
exuksm@exu.ericsson.se
