[31232] in Kerberos
Re: Logging on with cached ticket
daemon@ATHENA.MIT.EDU (Nikolay Shopik)
Fri Jun 5 09:24:13 2009
Message-ID: <4A291C01.1060003@inblock.ru>
Date: Fri, 05 Jun 2009 17:22:09 +0400
From: Nikolay Shopik <shopik@inblock.ru>
MIME-Version: 1.0
To: Simo Sorce <ssorce@redhat.com>
In-Reply-To: <1244207733.3623.108.camel@localhost.localdomain>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 05.06.2009 17:15, Simo Sorce wrote:
> Windows caches the NT hash of your password.
> That's how you get access w/o the KDC. Nothing to do with kerberos
> credentials at all.
That's what I though for moment. Can such thing (caching MD5/whatever
hash locally for some period) accomplished on Linux?
By default locking screen doesn't not produce request for new TGT, I
mean if workstation is locked. But can be changed via group policy.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
