systematic Kerberization

Dennis Gilmore dennis at ausil.us
Tue May 11 13:40:50 UTC 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Once upon a time Tuesday 11 May 2004 11:24 pm, Havoc Pennington wrote:

>
> This isn't the first strong customer request for disconnected operation.
> I have no idea what's involved though (it seems like there would be some
> tricky security issues?). I could ask Nalin, but public lists beat
> hallway conversations. ;-)

I see disconected authentication as the caching of just enough data to allow 
system authentication.  all other authentication should be resolved when user 
becomes online again and can ask for new tickets.  for instance  at my old 
work i had 2 pcs  and sometimes i would have one disconected from the network 
so i could use my laptop on its network port.  and sometimes my password 
would expire before i could reconnect  so i would use my old password  but 
once i plugged back into the network i would have to reauthenticate so 
everything would work

but i guess to do it what you would need to do is create the key based on the 
password and compare it to an old key which needs to be stored somewhere 
secure

Dennis
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAoNfmkSxm47BaWfcRAmN/AJ9rwqe3qLlfHQGyEiP1q8mptM2KLACeO1SJ
6PimrR7OlhcnKzUW8WTO5SM=
=w3oC
-----END PGP SIGNATURE-----





More information about the fedora-devel-list mailing list