systematic Kerberization

Havoc Pennington hp at redhat.com
Tue May 11 13:24:34 UTC 2004


On Tue, 2004-05-11 at 00:37, Jeremy Katz wrote:
> > For me, though, the biggest problem is the generic pam / glibc / moon phase
> > / whatever interaction where RH and Fedora systems blow up badly, failing to
> > degrade back to existing local accounts, if a distributed information /
> > authentication (LDAP, krb, NIS) is down.... Any enterprise that's going
> > Kerberos, IMHO, can mostly work around the rest simply by pushing out more
> > functional software than what RH ships, but that one can be kinda a pain to
> > work around....
> 
> Yeah, I'm not quite sure what's going on here.  At the same time, it's
> definitely not an unsolvable problem.  And since this is Havoc's
> wishlist thread, we should make sure that fixing this ends up in
> there ;)

This isn't the first strong customer request for disconnected operation.
I have no idea what's involved though (it seems like there would be some
tricky security issues?). I could ask Nalin, but public lists beat
hallway conversations. ;-)

Havoc






More information about the fedora-devel-list mailing list