On Thu, 2007-10-11 at 14:47 -0400, Greg DeKoenigsberg wrote: > On Thu, 11 Oct 2007, Karl MacMillan wrote: > > >> Should be pretty trivial to just use a different cert. In theory, a cert > >> is a cert is a cert; if the server can say "hello, do you trust me?" and > >> the client can say "yes, I'm listening," func doesn't care what that > >> mechanism is. > > > > You might want to do kerberos instead of certs, though. Kerberos will > > get you per-user auth easily while the cert model is going to be hard to > > scale to per-user. > > Instead of, rather than in addition to? Is there a particular reason not > to enable both? Mandating krb will exclude some folks. > I meant in addition to. Karl
