[14487] in Kerberos
kerberos authentication from laptops
daemon@ATHENA.MIT.EDU (Ben McConaghy)
Mon May 28 03:35:39 2001
Message-Id: <200105280732.f4S7WBg18298@deakin.edu.au>
To: kerberos@mit.edu
Date: Mon, 28 May 2001 17:32:14 +1000
From: Ben McConaghy <benmc@deakin.edu.au>
We've set up a pilot Windows 2000 domain configured to authenticate
off our unix kdc. In this configuration, usernames are replicated from
the kdc to the win2k pdc but passwords on the pdc are randomly generated
(i.e. the user doesn't know it). During testing we've noticed that although
everything works fine when connected to the network, unplugging means the
workstation can't communicate with the kdc anymore and hence can't log in.
A vanilla win2k domain appears to get around this problem by caching the
password, but when configured to authenticate from the MIT kdc, Windows seems
to just give up when it finds the kdc is unreachable. This is a problem
especially for laptop users. Has anyone come across this particular issue
before? If at all possible we'd like to avoid having to create local accounts
on every laptop, or synchronising passwords between the kdc and the win domain.
Thanks!
---------------
Ben McConaghy
Systems Programmer
Information Technology Services
Waterfront Campus
Deakin University
benmc@deakin.edu.au