[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: systematic Kerberization



On Tuesday 11 May 2004 18:10, you wrote:
> On Tue, 2004-05-11 at 10:26, Chris Ricker wrote:
> > I'm well aware of how it works. I'm also aware that it doesn't solve the
> > problem of wanting to work disconnected. Kerberos ticket caching still
> > requires initial connectivity. It also does nothing for LDAP, NIS, etc.
> > You'd need a totally new ad-hoc caching mechanism above and beyond the
> > krb ticket cache, and I don't think it would turn out to be something any
> > sane organization would want.... Local accounts, OTOH, are an access
> > control mechanism that is at least well-understood, which is why our
> > standard is to fall back to them if distributed is unavailable.
>
> What does Windows do for laptops?
Windows does caching.

 1. login on network (domain login)
 2. authentication information (user/password(hash?) is cached)
 3. logout
 4. timespan of length x
 5. disconnect
 5. login at domain (against cached auth info)

So in short, if you once were logged in, you can login at (any?) later time 
without network (AFAIK this needs to be enabled somewhere, it's not default).

-- 
http://LinuxWiki.org/RonnyBuchmann



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]