Kenneth Stephen wrote: > > Hi, > > DCE (atleast IBM DCE does) provides an integrated login daemon > which if running on a DCE client, allows a dce login to a DCE user even if > the user is not a local user. No more duplication of userid databases - > one just has to be defined as a user in the DCE registry. Is there an > equivalent for Kerberos?
You might be starting to mix authentication with authorization. Kerberos only does authenticaiton. Where as DCE is using Kerberos for authentication, then making authorization decisions using the DCE registry information. So there is no equivalent, as Kerberos does not maintain an authorization database. But there is a way to use a Kerberos ticket to get a DCE context. We did this for years, where we would use the MIT Kerberized rlogin, telnet, ftp and SSH programs which only do Kerberos and use the forwarded ticket to get a DCE context for access to DFS. The k5dcelogin and k5dcecon programs. The k5dcecon could be used from PAM, if your operating system had PAM. See: ftp://achilles.ctd.anl.gov/pub/kerberos.v5/k5dce.20010824.tar > > Thanks, > Kenneth > > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > http://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
