Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!ucsd!ucbvax!agate!shelby!CS.WISC.EDU!cole
From: cole@CS.WISC.EDU (Bruce Cole)
Newsgroups: comp.protocols.kerberos
Subject: Questions on Kerberos usage
Message-ID: <8909081623.AA01464@dip.cs.wisc.edu>
Date: 8 Sep 89 16:23:28 GMT
Sender: daemon@shelby.Stanford.EDU
Organization: The Internet
Lines: 19


     I would like to replace Unix authentication with Kerberos authentication
on the Unix machines in our department.  Unfortunately, I have run into
some technical problems:

     Our department has an existing user community of thousands of users.  How
can I get all of these users added to the Kerberos master database?  The Athena
Technical Plan mentions a hack whereby users set their passwords using a
public account.  This does not seem practical for an existing user community
(with existing files to be compromised).

     We sometimes run software in unattended modes which distribute files
to remote machines.  How can I use kerberos to authenticate such file 
distributions?

     Can something like rkinit be written that does not require a user to
retype their password?  It seems to me that possessing Kerberos credentials
to login to a remote host as some user should be sufficient to obtain a ticket
granting ticket for that user on the remote host.