Disconnected operation

Summary

Allow caching of credentials (LDAP, Kerberos etc.) so that disconnected operation is possible and seamless.

Owner

Name: BojanSmojver

Current status

Targeted release: N/A
Last updated: (2008-03-26)
Percentage of completion: 0%

Detailed Description

Anaconda provides no mechanisms to activate cached credentials and network information, neither in the GUI nor in kickstart files. Fedora ships with pam_ccreds and nscd, which are supposed to take care just of that. The pam_ccred module does a good job of caching credentials, but nscd was not designed to cache network information during extended periods of disconnection. As such, even if existing solutions were integrated well, they still leave much room for improvement.

There has been some discussion on the FreeIPA mailing list about solving this problem.

Benefit to Fedora

It's extremely useful for server-based authentication, especially for mobile users. It would allow people that authenticated against LDAP, Kerberos etc. to disconnect their machine from the network and still be able to login or authenticate against GNOME screensaver and similar. It can also be useful if authentication server goes down.

Scope

A comprehensive solution needs to be developed and Anaconda must support configuring it. Authconfig needs to become aware of it too.

Test Plan

Configure lots of notebooks out there by hand first and test with Kerberos and LDAP.
Take best experiences and build them into anaconda/authconfig.

User Experience

If configured, users should be able to continue using their system that normally authenticates against a network server as if they had authentication done by local files.

Dependencies

pam_ccreds and nscd (already there)
required anaconda changes
required authconfig changes
the mysterious FreeIPA's BlueBox?

Contingency Plan

N/A

Documentation

Release Notes

Search

Features/DisconnectedOperation

Contents