Derrick Brashear <[email protected]> writes: >> My laptop has a local copy of my password in hashed form, so it can let > > Oh. You're not typing a password, so this won't help you.
Er, sorry, I should have been more clear about that. I am typing in my password physically at the keyboard. My laptop has a copy of that password on the disk in hashed format so that it can verify that I typed in the correct password, but if somebody steals my laptop they can't simply read my password off the disk (at least I assume MacOS does this like all good unices do -- it would be a shame if it didn't; this is the only reason I consider it safe to use the same password for both my laptop's local login and my Kerberos principal). So, anyways, lack of network access will not delay the local operating system's decision about whether or not to let me proceed with my login. But it may delay the acquisition of tickets. But if I'm not on the network, then ending up logged in locally without tickets is no big deal -- especially if there's a daemon sitting around waiting for the network to come back. I guess it would need to be holding my unhashed password in memory, but with encrypted swap and a screensaver password that's still not a huge concern. - a _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
