[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Kerberos V and xdm
Mark Davies wrote:
> > In operation, the program will first try to authenticate a user against
> > the Unix password database. Failing that, it tries Kerberos, and, with
> > success there, will issue tickets.
> I'm curious why the tests are in that order (the heimdal telnetd also does
> these tests in that order). If you have a user that has the same password in
> the local unix passwd file and in kerberos they don't get tickets issued.
It seems very reasonable to me, at least to avoid network problems (you can
login using local password without timeout/other problems), to avoid test
for accounts which should not be tested agains Kerberos (root, ...).