systematic Kerberization
Dennis Gilmore
dennis at ausil.us
Tue May 11 13:40:50 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Once upon a time Tuesday 11 May 2004 11:24 pm, Havoc Pennington wrote:
>
> This isn't the first strong customer request for disconnected operation.
> I have no idea what's involved though (it seems like there would be some
> tricky security issues?). I could ask Nalin, but public lists beat
> hallway conversations. ;-)
I see disconected authentication as the caching of just enough data to allow
system authentication. all other authentication should be resolved when user
becomes online again and can ask for new tickets. for instance at my old
work i had 2 pcs and sometimes i would have one disconected from the network
so i could use my laptop on its network port. and sometimes my password
would expire before i could reconnect so i would use my old password but
once i plugged back into the network i would have to reauthenticate so
everything would work
but i guess to do it what you would need to do is create the key based on the
password and compare it to an old key which needs to be stored somewhere
secure
Dennis
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAoNfmkSxm47BaWfcRAmN/AJ9rwqe3qLlfHQGyEiP1q8mptM2KLACeO1SJ
6PimrR7OlhcnKzUW8WTO5SM=
=w3oC
-----END PGP SIGNATURE-----
More information about the devel
mailing list