Once upon a time Tuesday 11 May 2004 11:24 pm, Havoc Pennington wrote: > On Tue, 2004-05-11 at 00:37, Jeremy Katz wrote: > > This isn't the first strong customer request for disconnected operation. > I have no idea what's involved though (it seems like there would be some > tricky security issues?). I could ask Nalin, but public lists beat > hallway conversations. ;-) I had a thought on some way of maybe acheiving this when you log in for first time to the kerberos Authentication server a new entry is placed in /etc/passwd but instead of a x for shadow password you use a k for kerberos when you generate the key between the Authentication server and user you encrypt the password with it and save in /etc/kerberos/<username> so then in the future if the user is disconnected they can generate the key and decrypt the password when not connecte to the network. Just an idea Dennis
