systematic Kerberization
David T Hollis
dhollis at davehollis.com
Wed May 12 00:45:36 UTC 2004
On Tue, 2004-05-11 at 18:48 +0200, Ronny Buchmann wrote:
> On Tuesday 11 May 2004 18:10, you wrote:
> >
> >
> > What does Windows do for laptops?
> Windows does caching.
>
> 1. login on network (domain login)
> 2. authentication information (user/password(hash?) is cached)
> 3. logout
> 4. timespan of length x
> 5. disconnect
> 5. login at domain (against cached auth info)
>
> So in short, if you once were logged in, you can login at (any?) later time
> without network (AFAIK this needs to be enabled somewhere, it's not default).
Caching user credentials is enabled by default (for 10 user accounts
IIRC) up through XP. Win2k3 may not do it since it is server oriented
and the whole "security push" marketing show. Any security guide worth
its salt will tell you to turn that off, though in the Windows paradigm,
that does mess up laptops (which are the ones you would want it off on
since they are roaming all over the place!). Another problem with it is
that if I login with LaptopA, do my thing and shutdown and then login
with LaptopB and change my password, I can still log into LaptopA while
disconnected from the network with my old password.
--
David T Hollis <dhollis at davehollis.com>
More information about the fedora-devel-list
mailing list