Should auth_krb4_password read .klogin ?

John Hawkinson jhawk at MIT.EDU
Thu Nov 29 08:45:59 EST 2001


Booker C. Bense <bbense at networking.stanford.edu> wrote on Wed, 28 Nov 2001
at 13:11:12 -0800 in <Pine.GSO.4.33.0111281257190.10686-100000 at shred.stanford.edu>:


> - One of Stanford's local oddities in its Kerberos deployment
> is that it supports using the password of a principal in the
> .klogin file to access an account.
...
> - I'll be hacking this behaviour into a local version of ssh, but
> is there any interest in having these patches? The flag file
> is ugly, but perhaps it could be changed to a config option.

I don't think this is a good idea at all.

In general, I think it's a bad idea to promote non-standard Kerberos
features. Having options and special ways to do Kerberos differently
will promote weird divergences, and people misunderstanding exactly
how Kerberos works.


It seems to me that if there are generic changes to the code (i.e.
adding hooks) that make it noticeably easier for you to maintain
your patches, that would be a reasonable patch to see in openssh.

Or pursuing having support for your .klogin/password kludge in
Kerberos 5 implementations.

Still yet a third option would be to put such patches in contrib/, but
I think they are of sufficiently limited appeal that they're better
off not there at all...

But perhaps I'm overreacting to changes to a familiar system and the
changes would not be so disturbing. But I fear they'd have their own
bizarro security problems N years down the line that don't justify
their existence now, given the limited appeal.

--jhawk