[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: systematic Kerberization
- From: Dennis Gilmore <dennis ausil us>
- To: Development discussions related to Fedora Core <fedora-devel-list redhat com>
- Subject: Re: systematic Kerberization
- Date: Wed, 12 May 2004 07:35:57 +1000
Once upon a time Tuesday 11 May 2004 11:24 pm, Havoc Pennington wrote:
> On Tue, 2004-05-11 at 00:37, Jeremy Katz wrote:
>
> This isn't the first strong customer request for disconnected operation.
> I have no idea what's involved though (it seems like there would be some
> tricky security issues?). I could ask Nalin, but public lists beat
> hallway conversations. ;-)
I had a thought on some way of maybe acheiving this when you log in for first
time to the kerberos Authentication server a new entry is placed
in /etc/passwd but instead of a x for shadow password you use a k for
kerberos when you generate the key between the Authentication server and
user you encrypt the password with it and save in /etc/kerberos/<username>
so then in the future if the user is disconnected they can generate the key
and decrypt the password when not connecte to the network.
Just an idea
Dennis
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]