[31224] in Kerberos
Re: Logging on with cached key
daemon@ATHENA.MIT.EDU (Nikolay Shopik)
Thu Jun 4 12:47:23 2009
Message-ID: <4A276C35.5080900@inblock.ru>
Date: Thu, 04 Jun 2009 10:39:49 +0400
From: Nikolay Shopik <shopik@inblock.ru>
MIME-Version: 1.0
To: kerberos@mit.edu
In-Reply-To: <73739dc10906031347v6c97d34an4b2a20ab67f1ee2c@mail.gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 04.06.2009 0:47, Ravi Channavajhala wrote:
> On Wed, Jun 3, 2009 at 11:09 PM, Nikolay Shopik<shopik@inblock.ru> wrote:
>> Hello.
>>
>> I'm configuring Linux machines using W2003 as KDC, everything works fine
>> for Debian SSH, and Ubuntu for X server with MIT kerberos.
>>
>> But I would like to give user ability to loggon into workstation if his
>> key not yet expired and KDC not available for moment, is that possible?
>
> This is the reason why you have to maintain a backup KDC. If you have
> a single point of failure and that's that. How valid a valid key is
> really valid if KDC is not there to validate :-)
>
> Even if KDC is running and you have a valid key, kerberos session
> tickets are not persistent across the logins.
That's good point, I though about that just after I post this message!
So another question can I use MIT kerberos as backup with W2003 KDC?
Also how to deal with offline clients like notebooks, when they don't
have connection at all?
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
