Subject: Deciding whether to use Kerberos or not
To: None <tech-userlevel@netbsd.org>
From: Frank van der Linden <frank@wins.uva.nl>
List: tech-userlevel
Date: 06/27/2000 12:33:19
Since Kerberos is now included by default, because of the integrated
crypto thanks to Jason's efforts, several programs use it for
authentication.

Unfortunately, there seems to be no way to detect, at runtime, whether
it is active or not, leading to unexpected error messages and
timeouts when Kerberos is not configured (the default case). That's
not an acceptable situation for a release.

We should try to come up with a method of determining whether Kerberos
is configured. If that is not easy or possible, we should simply
disable the use of Kerberos by default in the userland programs that
use it, and only use it if a commandline flag is specified (i.e.
passwd -5). Or have seperate utilities (like kpasswd).

I was under the impression that this was somehow solved already in
crypto-intl, at least, I do not remember the error messages..
am I wrong?

Anyway, suggestions? Johan suggested an nsswitch-like construction,
but I don't know how feasible that is.

- Frank