[8849] in athena10
Re: [Debathena] #486: Write a caching NSS module
daemon@ATHENA.MIT.EDU (Debathena Trac)
Wed Feb 29 20:15:15 2012
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
From: "Debathena Trac" <debathena@MIT.EDU>
Cc: debathena@MIT.EDU
To: broder@MIT.EDU, geofft@MIT.EDU, jdreed@MIT.EDU, dlaw@MIT.EDU
Date: Thu, 01 Mar 2012 01:15:08 -0000
Reply-To:
Message-ID: <057.baeb5789828ef8363d6463f1baf84550@mit.edu>
In-Reply-To: <042.d39a34e8c2624a7c806edaac2472f2d4@mit.edu>
Content-Transfer-Encoding: 8bit
#486: Write a caching NSS module
--------------------+-----------------------------------
Reporter: broder | Owner:
Type: task | Status: new
Priority: normal | Milestone: The Distant Future
Component: -- | Resolution:
Keywords: | Upstream bug:
--------------------+-----------------------------------
Comment (by geofft):
If we're switching to SSSD anyway, we should consider letting SSSD sit in
front of Kerberos too and cache passwords locally to defeat the Zanarotti
attack on keytabless public cluster machines (this is the solution Windows
has for the same attack against Active Directory, and also makes
performance suck a little less).
--
Ticket URL: <https://athena10.mit.edu/trac/ticket/486#comment:6>
Debathena <http://debathena.mit.edu>
MIT Debathena Project
