A yes/no confirmation dialog is useful if there is a real cost, but the
browser should never see the password.
1) Kerberos should normally be invisible to users; there should be a
TGT whenever the user is logged in.
2) AFS kerberos uses a different password->key mapping, so you'd have a
problem with AFS sites. (Problem #1; how do you tell apart sites using
AFS Kerberos? We use AFS with MIT Kerberos).
3) It's bad policy for users to get into the habit of entering their
passwords into programs other than passwd, kinit and login.
we'd be happy to try a Kerberised client and server, as authenticated
info serving is something of a wish here.
Peter Lister [email protected]
Computer Centre,
Cranfield Institute of Technology, Voice: +44 234 754200 ext 2828
Cranfield, Bedfordshire MK43 0AL England Fax: +44 234 750875