On Sun, Jul 16, 2000 at 01:00:12PM -0700, Jason R Thorpe wrote:

 > On Sun, Jul 16, 2000 at 12:02:00PM -0700, Paul Goyette wrote:
 > 
 >  > > In the Athena environment (the original user of Kerberos), Hesiod (i.e.
 >  > > "dns" in nsswitch.conf) is used for the user/group database info,
 >  > 
 >  > So, shouldn't use of Kerberos for password changing depend on presence
 >  > of DNS in the nsswitch.conf entry for password?  Currently, setting
 >  > nsswitch.conf to "files" only still doesn't disable Kerberos attempts.
 > 
 > No.  I was only pointing out that Kerberos is separate from where the
 > user information comes from.

For what it's worth, I've just committed a change to libkrb5 that
causes krb5_init_context() to return an error if there is no krb5.conf
file.  This is inline with what the MIT code did, and passwd(1) now
works as you'd expect.

-- 
        -- Jason R. Thorpe <thorpej@zembu.com>