> It depends on your threat model. > > You could set an IP ACL, or you could set up a cron job to give > you real tokens. Either case means that someone who breaks into > your machine has the full priviledges of that "user". would setting up an IP ACL eliminate the need for the kas server? Would IP ACL authenticate based on the IP of the client?