[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: systematic Kerberization



On Sat, 15 May 2004, Havoc Pennington wrote:

> On Sat, 2004-05-15 at 13:54, Magnus Runesson wrote:
> > > > Also, it's always possible to select the local computer and log into that,
> > > > rather than into the domain.
> > > > 
> > > 
> > > So the message I've gotten from others is "Windows solves this problem
> > > and Linux does not" and they were aware of the ability to set up a local
> > > passwd file when complaining.
> > 
> > Doesn't PADL's pam-modules ccreds and nss_updatedb help to solve the
> > problem. http://www.padl.com/OSS/pam_ccreds.html
> > Unfoutunately, I havn't got the time to test it by my self yet.
> > 
> 
> Certainly appears so. Anyone tried this?

I mentioned PADLS new modules earlier in this thread: they basically do 
solve the problem BUT it does so by caching ALL of the directory data on 
the local harddisk. Not very feasible when you have tens of thousands of 
users (and never mind the security implications of carrying whole companys 
usernames and passwords around in a laptop..)

	- Panu -



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]