[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: systematic Kerberization



On Tue, 2004-05-11 at 18:48 +0200, Ronny Buchmann wrote:
> On Tuesday 11 May 2004 18:10, you wrote:
> >
> >
> > What does Windows do for laptops?
> Windows does caching.
> 
>  1. login on network (domain login)
>  2. authentication information (user/password(hash?) is cached)
>  3. logout
>  4. timespan of length x
>  5. disconnect
>  5. login at domain (against cached auth info)
> 
> So in short, if you once were logged in, you can login at (any?) later time 
> without network (AFAIK this needs to be enabled somewhere, it's not default).

Caching user credentials is enabled by default (for 10 user accounts
IIRC) up through XP.  Win2k3 may not do it since it is server oriented
and the whole "security push" marketing show.  Any security guide worth
its salt will tell you to turn that off, though in the Windows paradigm,
that does mess up laptops (which are the ones you would want it off on
since they are roaming all over the place!).  Another problem with it is
that if I login with LaptopA, do my thing and shutdown and then login
with LaptopB and change my password, I can still log into LaptopA while
disconnected from the network with my old password.

-- 
David T Hollis <dhollis davehollis com>



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]