Hello all. Thanks in advance for your time. I've got a working Kerberos & LDAP configuration and I have users who've left the systems. Ignoring the good/bad aspects of the policy of deleting vs. locking out users for a moment, I am wondering about the internal behavior of Kerberos.

If Kerberos provides the authentication information for users (but is only coupled to LDAP via the user's name), then I *believe* that I can delete a user's principal to prohibit use of the account and then, when the appropriate authority tells me the user is allowed back in, I can just create a new principal for this user and all will be right with the world. The assumption is of course that the lock/unlock period is beyond the lifetime of any tickets.

The reason I'm pinging this list is I know I don't know enough about Kerberos to be 100% right, and I also know that if I make a mistake doo-doo hits the oscillating air circulator. So I figured I'd take hat-in-hand and ask some more seasoned folks. Am I missing an elephant in the room?

Thanks for your time and opinions. :)

-- 
<< MCT >> Michael C Tiernan
http://www.linkedin.com/in/mtiernan

_______________________________________________
Tech mailing list
Tech@lopsa.org
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
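The two options the post weighs (delete the principal vs. lock it) map onto concrete MIT Kerberos kadmin operations, and the "lock period must exceed ticket lifetime" assumption can be checked against the principal's own maximum ticket and renewable lifetimes. The following is an added example, not code from the original post or from the LOPSA list; it assumes an MIT krb5 KDC where kadmin.local is available, and the realm EXAMPLE.COM and principal names are placeholders. Setting KADM_DRY_RUN=1 prints the kadmin command instead of running it.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes MIT Kerberos:
# kadmin.local is run on the KDC host. REALM defaults to a placeholder.
REALM="${KRB_REALM:-EXAMPLE.COM}"

# Build the kadmin.local query for one administrative action.
# lock/unlock use the DISALLOW_ALL_TIX flag, which keeps the principal
# (key version, policy, password history) instead of deleting it.
build_query() {
  action="$1"; princ="$2"
  case "$action" in
    lock)    echo "modify_principal -allow_tix ${princ}@${REALM}" ;;
    unlock)  echo "modify_principal +allow_tix ${princ}@${REALM}" ;;
    delete)  echo "delete_principal -force ${princ}@${REALM}" ;;
    inspect) echo "get_principal ${princ}@${REALM}" ;;
    *)       return 1 ;;
  esac
}

# Run (or, with KADM_DRY_RUN=1, just print) the kadmin.local invocation.
run_kadmin() {
  q=$(build_query "$1" "$2") || { echo "unknown action: $1" >&2; return 1; }
  if [ "${KADM_DRY_RUN:-0}" = "1" ]; then
    echo "kadmin.local -q \"$q\""
  else
    kadmin.local -q "$q"
  fi
}

# Extract the two lifetime values from get_principal output (read on stdin).
# Any ticket already issued stays valid for at most the ticket life, and a
# renewable TGT can be extended up to the renewable life, so a lock window
# must outlast the longer of the two before it is safe to assume no ticket
# survives.
ticket_lifetimes() {
  sed -n -e 's/^Maximum ticket life: //p' -e 's/^Maximum renewable life: //p'
}

# Usage (dry run so nothing is changed):
#   KADM_DRY_RUN=1 ./krblock.sh
if [ "${KADM_DRY_RUN:-0}" = "1" ]; then
  run_kadmin inspect jdoe
  run_kadmin lock jdoe
  run_kadmin unlock jdoe
fi
```

Locking with -allow_tix keeps the principal's key version number intact, so any keytabs or service registrations tied to that principal still match when the account is unlocked; deleting and recreating the principal issues a fresh key, which is the main operational difference between the two approaches beyond ticket expiry.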