On Tue, 11 May 2004, Dennis Gilmore wrote: > I see disconected authentication as the caching of just enough data to allow > system authentication. all other authentication should be resolved when user > becomes online again and can ask for new tickets. for instance at my old > work i had 2 pcs and sometimes i would have one disconected from the network > so i could use my laptop on its network port. and sometimes my password > would expire before i could reconnect so i would use my old password but > once i plugged back into the network i would have to reauthenticate so > everything would work > > but i guess to do it what you would need to do is create the key based on the > password and compare it to an old key which needs to be stored somewhere > secure Why invent a new caching? We already have an off-line authentication system -- standard Unix authentication. Rather than caching authentication, I'd just like fall back to local accounts when disconnected. When I'm in the airport, I should still be able to log into my laptop authenticating against /etc/shadow even though I'm either not on a network, or on a network but not able to access my ldap server, my kdc, etc. later, chris
