what happens when kfw is disconnected

Jeffrey Altman jaltman at secure-endpoints.com
Wed May 28 12:02:05 EDT 2008


David Bear wrote:
> We have the challenge of supporting very mobile users who may hop between
> many wireless networks. These machine are joined to an AD domain so when
> they hop on to a wireless network, they are logged on using whatever
> credentials windows has cached. This seems to cause an issue for KfW and/or
> Openafs. I am wondering of KfW handles the situation where it cannot contact
> a KDC becuase there is no network path available because windows hasn't
> connected to any network. Can KfW be instructed to wait a certain time
> period for trying to get a tgt? Or, can KfW wait for an event, like the
> availability of a wireless network -- and then contact the kdc for
> credentials?
>
KFW does not cache the user's password.  If the KDC is not reachable 
during logon, the user will not obtain credentials.

The user can obtain credentials at a later time using Network Identity 
Manager.  You can configure NetIdMgr to monitor network connectivity and 
prompt the user to obtain credentials if s/he has none.




-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20080528/3694f912/attachment.bin


More information about the Kerberos mailing list