Kerberos auth and the loss of the network

Edgecombe, Jason jwedgeco at uncc.edu
Wed Sep 5 16:42:20 EDT 2007


1. Everything will work as soon as the Kerberos server comes back online.
2. Kerberos can replicate to slave servers with failover to ensure
reliability.
3. On Linux, PAM can be configured to allow for fall-through if Kerberos
fails. This is how root normally logs in. The problem is that this
requires that the user have a password on the local box.

But to summarize, a user whose password is only in Kerberos, which is
preferred, will be locked out of a machine if the machine cannot talk to
a master or slave Kerberos server. This is the same situation for any
network-based authentication and includes LDAP.

Sincerely,
Jason

Jason Edgecombe
Solaris & Linux Administrator
Mosaic Computing Group, College of Engineering
UNC-Charlotte
Phone: (704) 687-3514
 

-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On
Behalf Of Jason Greene
Sent: Wednesday, September 05, 2007 4:34 PM
To: kerberos at mit.edu
Subject: Kerberos auth and the loss of the network

I am very new to Kerberos so please forgive me...

One of my co-workers is telling me that if you implement Kerberos in our
Linux infrastructure we will be in a serious bind of the network connection
between work servers and the Kerberos server or if the Kerberos server dies
we will be locked out of the Linux work servers either until we reboot into
single user or rebuild or get the Kerberos server back online.

Is this true?  Will I not be able to log into the box with a local account?

-- 
Jason Greene
________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
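
Point 3 of the reply above (PAM fall-through, and its dependence on a local password), as an added example that is not part of the original thread: a small evaluator for a PAM auth stack that shows which logins survive a KDC outage. The two stacks, the module outcomes and the function names are constructed for illustration, and only the keyword controls (required, requisite, sufficient, optional) are handled.

```python
# Added example: evaluates a PAM auth stack under a simulated KDC outage.
# Stacks and module outcomes are constructed; only keyword controls are handled.
KEYWORDS = ("required", "requisite", "sufficient", "optional")

FALLTHROUGH = """\
auth sufficient pam_krb5.so
auth required   pam_unix.so try_first_pass
"""
KRB5_MANDATORY = """\
auth required pam_krb5.so
auth required pam_unix.so try_first_pass
"""

def parse_auth(text):
    """Return [(control, module)] for the auth lines of a PAM service file."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            if fields[1] not in KEYWORDS:
                raise ValueError("unsupported control: " + fields[1])
            stack.append((fields[1], fields[2]))
    return stack

def authenticate(stack, outcome):
    """outcome maps module name -> True if that module would succeed."""
    failed = granted = False
    for control, module in stack:
        ok = outcome.get(module, False)
        if control == "optional":
            continue  # simplification: optional results are ignored here
        if ok:
            granted = True
            if control == "sufficient" and not failed:
                return True  # success short-circuits the rest of the stack
        elif control == "requisite":
            return False     # failure aborts immediately
        elif control == "required":
            failed = True    # failure is final, but later modules still run
    return granted and not failed

def survives_kdc_outage(text, has_local_password):
    """True if login still works when pam_krb5 cannot reach any KDC."""
    outcome = {"pam_krb5.so": False, "pam_unix.so": has_local_password}
    return authenticate(parse_auth(text), outcome)

if __name__ == "__main__":
    for name, text in (("fall-through", FALLTHROUGH), ("krb5 mandatory", KRB5_MANDATORY)):
        for local in (True, False):
            print(name, "local password:", local, "->", survives_kdc_outage(text, local))
```

Only the fall-through stack combined with a local password still authenticates during the outage; every other combination is locked out until a KDC is reachable again.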



