| View previous topic :: View next topic |
| Author |
Message |
VinzC
Watchman
Joined: 17 Apr 2004
Posts: 5098
Location: Dark side of the mood
|
 Posted: Wed Nov 25, 2009 4:42 pm Post subject: Caching credentials from LDAP/Kerberos when offline; how? |
 |
|
Hi.
I'd like to setup a complete server and workstation infrastructure with LDAP (possibly with Kerberos). Currently I already have the server and it's working quite fine. I've tried to secure authentication as much as possible to avoid sending passwords in clear form over the network. My workstations are Windows but I'd like to migrate a few workstations to GNU/Linux. I'm mostly interested in migrating laptops.
The only unresolved issue with Gentoo is I haven't figured out how to cache credentials when laptops are offline. First I've seen pam_ccred is not in portage (yet?) so I wonder why. Is there a security issue Gentoo maintainers don't want to propagate?
Otherwise can a clever kerberos setup achieve credential caching? I've already done a little work with Kerberos authentication; with my preferred, working setup passwords aren't stored in the LDAP server. But I've not explored Kerberos very deeply so any hint or suggestion is welcome.
Thanks in advance.
_________________
Gentoo addict: tomorrow I quit, I promise!... Just one more emerge...
1739! |
|
| Back to top |
|
 |
VinzC
Watchman
Joined: 17 Apr 2004
Posts: 5098
Location: Dark side of the mood
|
| Posted: Sat Dec 05, 2009 9:30 am Post subject: |
|
|
So I guess I'm all by myself on this one...
_________________
Gentoo addict: tomorrow I quit, I promise!... Just one more emerge...
1739! |
|
| Back to top |
|
|
KShots
Guru
Joined: 09 Oct 2003
Posts: 595
Location: Florida
|
| Posted: Fri May 28, 2010 1:55 pm Post subject: |
|
|
No, you're not the only one... I was looking for this a couple weeks ago, and there's an ebuild in the rion-overlay (layman -a rion) according this this bug report. Oddly enough, a google search turned up nothing but your post (the information I just gave is not found on google) - I just did a search for pam_ccred on bugs.gentoo.org.
_________________
Life without passion is death in disguise |
|
| Back to top |
|
|
VinzC
Watchman
Joined: 17 Apr 2004
Posts: 5098
Location: Dark side of the mood
|
| Posted: Sun May 30, 2010 5:57 pm Post subject: |
|
|
Thanks a lot for the info. Will try it.
_________________
Gentoo addict: tomorrow I quit, I promise!... Just one more emerge...
1739! |
|
| Back to top |
|
|
Claer
n00b
Joined: 11 Feb 2003
Posts: 22
|
|
| Back to top |
|
|
VinzC
Watchman
Joined: 17 Apr 2004
Posts: 5098
Location: Dark side of the mood
|
| Posted: Tue Jun 08, 2010 1:48 pm Post subject: |
|
|
For just a brief moment I thought your post was spam  .
Thanks for the hint.
_________________
Gentoo addict: tomorrow I quit, I promise!... Just one more emerge...
1739! |
|
| Back to top |
|
|
|
Networking & Security
