systematic Kerberization

Nils O. Selåsdal NOS at Utel.no
Tue May 11 14:18:56 UTC 2004


On Tue, 2004-05-11 at 15:30, Havoc Pennington wrote:
> > Yeah, I'm not quite sure what's going on here.  At the same time, it's
> > definitely not an unsolvable problem.  And since this is Havoc's
> > wishlist thread, we should make sure that fixing this ends up in
> > there ;)
> 
> This isn't the first strong customer request for disconnected operation.
> I have no idea what's involved though (it seems like there would be some
> tricky security issues?). I could ask Nalin, but public lists beat
> hallway conversations. ;-)
It's twofold. One might need disconnected operations, in that you log
in as a user found in an LDAP directory. It can probably be discussed
whether you should be allowed to log in as that user if you pull your
network plug ;), or that everything should continue to work if you pull
it after you already logged in.

The other thing is whether to log in to the box at all (to a local
account) if you configured ldap/kerberos/etc. in system-config-auth.
Currently you cannot, which is very bad. Last I looked at it, it's just
a matter of changing some "required" to "sufficient" or similar in
/etc/pam.d/system-auth.
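
Added example, not part of the original message and not Fedora's actual system-auth: a small simulator of Linux-PAM's required/requisite/sufficient control flags, run over two constructed auth stacks to show how the flag choice decides whether a local account can log in and what happens to a directory user when the network is down. The stack contents, the module outcomes and the names parse, evaluate and can_log_in are assumptions made for illustration.

```python
# Constructed PAM stacks for illustration; not any distribution's real system-auth.
STRICT = """\
auth required   pam_env.so
auth required   pam_krb5.so
"""
RELAXED = """\
auth required   pam_env.so
auth sufficient pam_unix.so
auth sufficient pam_krb5.so use_first_pass
auth required   pam_deny.so
"""

def parse(text, facility="auth"):
    """Return [(control, module)] for one facility, skipping comments."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, results):
    """Apply the simple control flags; results maps module name -> bool."""
    failed = passed = False
    for control, module in stack:
        ok = results[module]
        if control in ("required", "requisite"):
            passed = passed or ok
            failed = failed or not ok
            if control == "requisite" and not ok:
                return False          # requisite failure aborts at once
        elif control == "sufficient" and ok and not failed:
            return True               # success short-circuits the stack
        # a failed "sufficient" is ignored; "optional" is not modelled
    return passed and not failed

def can_log_in(stack_text, local_user, network_up):
    """Assumed behaviour: pam_unix only knows local accounts, pam_krb5
    only knows directory accounts and needs a reachable KDC."""
    results = {"pam_env.so": True, "pam_deny.so": False,
               "pam_unix.so": local_user,
               "pam_krb5.so": (not local_user) and network_up}
    return evaluate(parse(stack_text), results)

if __name__ == "__main__":
    for name, stack in (("STRICT", STRICT), ("RELAXED", RELAXED)):
        for local in (True, False):
            for net in (True, False):
                print(name, "local" if local else "directory",
                      "net-up" if net else "net-down",
                      can_log_in(stack, local, net))
```

In the relaxed stack the closing pam_deny.so line is what keeps a run of failed "sufficient" modules from falling through as a success. The directory user with the network down is still refused in both stacks, which is the separate disconnected-operation question raised in the message.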





