[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: systematic Kerberization



Once upon a time Tuesday 11 May 2004 11:24 pm, Havoc Pennington wrote:
> On Tue, 2004-05-11 at 00:37, Jeremy Katz wrote:
>
> This isn't the first strong customer request for disconnected operation.
> I have no idea what's involved though (it seems like there would be some
> tricky security issues?). I could ask Nalin, but public lists beat
> hallway conversations. ;-)

I had a thought on some way of maybe acheiving this  when you log in for first 
time to the kerberos Authentication server  a new entry is placed 
in /etc/passwd  but instead of a x for shadow password  you use a k for 
kerberos when you generate the  key between the Authentication server and 
user  you encrypt the password with it and save in /etc/kerberos/<username>  
so then in the future  if the user is disconnected  they can generate the key 
and decrypt the password  when not connecte to the network.  

Just an idea

Dennis



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]