Todd Chaffin wrote:

> We would like to have the capability to create a user account in LDAP and for
> that user account to login to the mobile device when it is no longer
> connected to the network. Also, can this be the initial login attempt for
> this user on this offline mobile device. We are open to different install
> configurations and, if needed, we could install something that holds a
> read-only version of the user accounts that is synched while connected to the
> network.
>
> Just an update on what should have been mentioned much earlier: we are using
> Trusted Extensions on Solaris 10_u3.
We don't have that functionality at that level. You aren't the first to ask for this, but you might be the first that can give us real requirements.

One particular thing that interests me is that you said that an offline login could be the first one for that account. That, I think, means you have to copy the entire LDAP database of user data to the mobile device, since you wouldn't know in advance which user it was. Or do you know in advance which user it is for a given mobile device?

Are you just interested in the nameservice data for a given user (i.e. passwd, shadow, user_attr, project) or are you also interested in syncing the user's home directory as well?

The fact that you are using TX complicates things a little, but we would first have to implement the basics of this and in doing so make it work with TX.

I think really this is an issue for the laptop-discuss alias rather than security-discuss. Though I'm not sure anyone there will be able to help you. Many of the people working on nameservices stuff hang out here, so hopefully one of them will see this. I'll ping a couple of them offline anyway.

--
Darren J Moffat