[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: systematic Kerberization



On Tue, 11 May 2004, David T Hollis wrote:

> Caching user credentials is enabled by default (for 10 user accounts
> IIRC) up through XP.  Win2k3 may not do it since it is server oriented
> and the whole "security push" marketing show.  Any security guide worth
> its salt will tell you to turn that off, though in the Windows paradigm,
> that does mess up laptops (which are the ones you would want it off on
> since they are roaming all over the place!).  Another problem with it is
> that if I login with LaptopA, do my thing and shutdown and then login
> with LaptopB and change my password, I can still log into LaptopA while
> disconnected from the network with my old password.

There are lots of corner cases with it. If you have password aging policies,
it will sometimes allow your users to log in with an expired password, for 
example....

later,
chris



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]