On Wed, 12 May 2004, Dennis Gilmore wrote:

> Once upon a time Wednesday 12 May 2004 12:14 am, Chris Ricker wrote:
> > On Wed, 12 May 2004, Dennis Gilmore wrote:
> > > because organisations with thousands of users want to setup
> > > authentication once only in a central place and have that information
> > > used for many different services and servers as well as different
> > > machines.
> >
> > Organizations also want security. Random authentication caching mechanisms
> > are kinda counter to that....
> >
> > later,
> > chris
> >
> perhaps you should read up on how kerberos authenticates users

I'm well aware of how it works. I'm also aware that it doesn't solve the
problem of wanting to work disconnected. Kerberos ticket caching still
requires initial connectivity. It also does nothing for LDAP, NIS, etc.
You'd need a totally new ad-hoc caching mechanism above and beyond the krb
ticket cache, and I don't think it would turn out to be something any sane
organization would want....

Local accounts, OTOH, are an access control mechanism that is at least
well-understood, which is why our standard is to fall back to them if
distributed is unavailable.

later,
chris