Goran Thyni <goran@bildbasen.se> writes:
> IMHO, even Kerberous should be removed.
No, it should be fixed, not removed. I would very much like to use krb5
authentication.
My main problem with the whole authentication system is that there can only
be one global method. That is, everything is password based, on one
password per user.
I would think a good method would have the (username, auth-data) stored
together, but you could have multiple (username, auth-data) tuples. For
instance, I might have a Kerberos5 authentication:
usename authtype authdata
--------------- --------------- ------------------------------
explorer krb5 explorer@FLAME.ORG
explorer md5 4f1929cbca91deadbeef0123...
explorer cryptpw UNIX-standard crypted string
explorer plainpw password
Then I can control how someone connects down to a method. I could
allow different methods for different trust levels. I might trust my
local, server machine with just a password, but deny access to the rest
of the net unless they use Kerberos5.
--Michael