systematic Kerberization
Chris Ricker
kaboom at gatech.edu
Tue May 11 14:00:06 UTC 2004
On Tue, 11 May 2004, Dennis Gilmore wrote:
> I see disconnected authentication as the caching of just enough data to allow
> system authentication. All other authentication should be resolved when the user
> becomes online again and can ask for new tickets. For instance, at my old
> work I had 2 PCs and sometimes I would have one disconnected from the network
> so I could use my laptop on its network port. And sometimes my password
> would expire before I could reconnect, so I would use my old password, but
> once I plugged back into the network I would have to reauthenticate so
> everything would work.
>
> But I guess to do it, what you would need to do is create the key based on the
> password and compare it to an old key which needs to be stored somewhere
> secure.
Why invent a new caching? We already have an off-line authentication system
-- standard Unix authentication. Rather than caching authentication, I'd
just like to fall back to local accounts when disconnected. When I'm in the
airport, I should still be able to log into my laptop authenticating against
/etc/shadow even though I'm either not on a network, or on a network but not
able to access my LDAP server, my KDC, etc.
later,
chris
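
The cached-key check from the quoted message, as an added sketch that is not code from either poster or from Fedora: a salted verifier is stored only after the KDC accepts a password, and is consulted only when the KDC cannot be reached. `FakeKdc`, `KdcUnreachable`, `CredentialCache` and `login` are hypothetical names, and the in-memory dict stands in for a root-only file.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this sketch


class KdcUnreachable(Exception):
    """The (hypothetical) online check could not contact any KDC."""


class FakeKdc:
    """Constructed stand-in for the real KDC so the sketch runs offline."""
    def __init__(self, passwords):
        self.passwords, self.reachable = dict(passwords), True

    def __call__(self, user, password):
        if not self.reachable:
            raise KdcUnreachable(user)
        return hmac.compare_digest(self.passwords.get(user, ""), password)


class CredentialCache:
    """Per-user (salt, derived key) pairs; never stores the password itself."""
    def __init__(self):
        self._entries = {}

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                   PBKDF2_ITERATIONS)

    def store(self, user, password):
        salt = os.urandom(16)
        self._entries[user] = (salt, self._derive(password, salt))

    def check(self, user, password):
        entry = self._entries.get(user)
        if entry is None:          # user never logged in online on this host
            return False
        salt, expected = entry
        return hmac.compare_digest(self._derive(password, salt), expected)


def login(user, password, online_auth, cache):
    """Return (ok, source); the cache is used only if the KDC is unreachable."""
    try:
        ok = online_auth(user, password)
    except KdcUnreachable:
        return cache.check(user, password), "cache"
    if ok:
        cache.store(user, password)   # refresh only after the KDC accepts
    return ok, "kdc"                  # an online rejection never falls back
```

Because the cache is refreshed only on a successful online login, a password that expired or changed while the laptop was disconnected keeps working offline until the next contact with the KDC, which is the behaviour the quoted message describes.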