Logging on with cached key

Nikolay Shopik shopik at inblock.ru
Thu Jun 4 02:39:49 EDT 2009


On 04.06.2009 0:47, Ravi Channavajhala wrote:
> On Wed, Jun 3, 2009 at 11:09 PM, Nikolay Shopik<shopik at inblock.ru>  wrote:
>> Hello.
>>
>> I'm configuring Linux machines using W2003 as KDC, everything works fine
>> for Debian SSH, and Ubuntu for X server with MIT kerberos.
>>
>> But I would like to give the user the ability to log on to a workstation if his
>> key has not yet expired and the KDC is not available for the moment, is that possible?
>
> This is the reason why you have to maintain a backup KDC.  If you have
> a single point of failure and that's that.  How valid a valid key is
> really valid if KDC is not there to validate :-)
>
> Even if KDC is running and you have a valid key,  kerberos session
> tickets are not persistent across the logins.

That's a good point, I thought about that just after I posted this message!
So another question: can I use MIT kerberos as a backup with a W2003 KDC?
Also, how to deal with offline clients like notebooks, when they don't
have a connection at all?


