>The v3 stop-domain command needs to execute the command on the server >(as opposed to using "kill" or something like that), which means it >needs to authenticate with the server. To allow v3 to be more >compatible >with v2, we're considering adding a new authentication mechanism that >will "only" work in the local case. > >Roughly, here's how this would work... > >On server startup, the server would generate a large random number >and write it in a file that is readable only by the owner of the >file (the user who started the server). > >Local commands, such as stop-domain, would read this file if it's >available and send the number as part of the authentication information >to the server. The server would accept either the normal >username/password >authentication, or some special username along with this number as the >password.
In Solaris it's easy to know which user is on the other end of a local connection. Why not use that information instead? Casper
