1. Everything will work as soon as the Kerberos server comes back online.
2. Kerberos can replicate to slave servers with failover to ensure reliability.
3. On Linux, PAM can be configured to allow for fall-through if Kerberos fails. This is how root normally logs in. The problem is that this requires that the user have a password on the local box.

But to summarize, a user whose password is only in Kerberos, which is preferred, will be locked out of a machine if the machine cannot talk to a master or slave Kerberos server. This is the same situation for any network-based authentication and includes LDAP.

Sincerely,
Jason

Jason Edgecombe
Solaris & Linux Administrator
Mosaic Computing Group, College of Engineering
UNC-Charlotte
Phone: (704) 687-3514

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Greene
Sent: Wednesday, September 05, 2007 4:34 PM
To: [email protected]
Subject: Kerberos auth and the loss of the network

I am very new to Kerberos so please forgive me...

One of my co-workers is telling me that if you implement Kerberos in our Linux infrastructure we will be in a serious bind of the network connection between work servers and the Kerberos server or if the Kerberos server dies we will be locked out of the Linux work servers either until we reboot into single user or rebuild or get the Kerberos server back online.

Is this true? Will I not be able to log into the box with a local account?

--
Jason Greene
________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
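
The fall-through from point 3 and the lock-out case from the summary, modelled as an added example that is not part of the original thread: a simplified Python evaluation of PAM's required / requisite / sufficient control flags. The two stacks and the per-module outcomes are constructed assumptions, not any site's real configuration.

```python
# Added example: simplified model of a Linux-PAM "auth" stack.
# Stacks below are constructed; real entries also carry module options.
KRB5_ONLY = [("required", "pam_krb5.so")]
FALL_THROUGH = [("sufficient", "pam_krb5.so"), ("required", "pam_unix.so")]


def module_ok(module, kdc_reachable, has_local_password):
    """Assumed module outcome for a user who types the correct password."""
    if module == "pam_krb5.so":
        return kdc_reachable        # no master or slave KDC answers -> fail
    if module == "pam_unix.so":
        return has_local_password   # needs a password hash on the local box
    raise ValueError(f"module not modelled: {module}")


def authenticate(stack, kdc_reachable, has_local_password):
    """Evaluate required / requisite / sufficient control flags in order."""
    required_failed = False
    passed = False
    for control, module in stack:
        ok = module_ok(module, kdc_reachable, has_local_password)
        if control == "sufficient":
            if ok and not required_failed:
                return True         # success ends the stack immediately
            continue                # failure of a sufficient module is ignored
        if control not in ("required", "requisite"):
            raise ValueError(f"control flag not modelled: {control}")
        if ok:
            passed = True
        elif control == "requisite":
            return False            # failure ends the stack immediately
        else:
            required_failed = True  # keep going, but the stack will fail
    return passed and not required_failed


def outage_report(stack):
    """Who can still log in while no KDC is reachable?"""
    return {
        "kerberos_only_user": authenticate(stack, False, False),
        "user_with_local_password": authenticate(stack, False, True),
    }


if __name__ == "__main__":
    for name, stack in (("krb5 only", KRB5_ONLY), ("fall-through", FALL_THROUGH)):
        print(name, outage_report(stack))
```

During an outage the fall-through stack admits only accounts that also have a local password, so a Kerberos-only user is locked out under both stacks.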
