Allow caching of credentials (LDAP, Kerberos etc.) so that disconnected operation is possible and seamless.
- Name: BojanSmojver
- Targeted release: N/A
- Last updated: (2008-03-26)
- Percentage of completion: 0%
Anaconda provides no mechanisms to activate cached credentials and network information, neither in the GUI nor in kickstart files. Fedora ships with pam_ccreds and nscd, which are supposed to take care just of that. The pam_ccred module does a good job of caching credentials, but nscd was not designed to cache network information during extended periods of disconnection. As such, even if existing solutions were integrated well, they still leave much room for improvement.
There has been some discussion on the FreeIPA mailing list about solving this problem.
Benefit to Fedora
It's extremely useful for server-based authentication, especially for mobile users. It would allow people that authenticated against LDAP, Kerberos etc. to disconnect their machine from the network and still be able to login or authenticate against GNOME screensaver and similar. It can also be useful if authentication server goes down.
A comprehensive solution needs to be developed and Anaconda must support configuring it. Authconfig needs to become aware of it too.
- Configure lots of notebooks out there by hand first and test with Kerberos and LDAP.
- Take best experiences and build them into anaconda/authconfig.
- If configured, users should be able to continue using their system that normally authenticates against a network server as if they had authentication done by local files.
- pam_ccreds and nscd (already there)
- required anaconda changes
- required authconfig changes
- the mysterious FreeIPA's BlueBox?