systematic Kerberization

Ronny Buchmann ronny-vlug at vlugnet.org
Tue May 11 16:48:19 UTC 2004


On Tuesday 11 May 2004 18:10, you wrote:
> On Tue, 2004-05-11 at 10:26, Chris Ricker wrote:
> > I'm well aware of how it works. I'm also aware that it doesn't solve the
> > problem of wanting to work disconnected. Kerberos ticket caching still
> > requires initial connectivity. It also does nothing for LDAP, NIS, etc.
> > You'd need a totally new ad-hoc caching mechanism above and beyond the
> > krb ticket cache, and I don't think it would turn out to be something any
> > sane organization would want.... Local accounts, OTOH, are an access
> > control mechanism that is at least well-understood, which is why our
> > standard is to fall back to them if distributed is unavailable.
>
> What does Windows do for laptops?
Windows does caching.

 1. login on network (domain login)
 2. authentication information (user/password(hash?) is cached)
 3. logout
 4. timespan of length x
 5. disconnect
 6. login at domain (against cached auth info)

So in short, if you were once logged in, you can log in at (any?) later time
without network (AFAIK this needs to be enabled somewhere, it's not default).

-- 
http://LinuxWiki.org/RonnyBuchmann





More information about the fedora-devel-list mailing list