> And if Kerberos is becoming the defacto standard these days I guess I need to read up on it.
Haha. Becoming? No. It's the standard, and has been the standard for many years. > I'll see if I can't find a good book or two on the system. If you are still here, trying to solve what essentially looks to me like an identity management problem (or IdM as red hat likes to call it), I highly recommend FreeIPA. It handles kerberos, pam, samba, and NFS authentication/authorization with ease. It also allows for radius and totp auth. But if you want to go back to debating the efficacy of kerberos and pam, I'm sorry but you are doing it wrong. This isn't an opinion, it is a proven mechanism and should be given great credit. It's much of why the security of *nix systems has been better than others for so long. Have a nice day. herlo /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */