Subject: Re: kerberos on laptops
To: Nathan J. Williams <nathanw@MIT.EDU>
From: John Hawkinson <jhawk@MIT.EDU>
List: tech-net
Date: 12/31/2000 12:14:44
| The only part of this that can really be solved within the Kerberos
| model is keeping logins from hanging and using local authentication.

I'm somewhat puzzled why there is any hanging at all. Surely if there
is no default route, then kerberos should not need a timeout in order
to realize there is no kdc?

Also, I think it's rather problematic that the presence of krb5.conf
controls whether or not Kerberos is used by various programs like
login.  In my laptop's environment, I use kerberos for some specific
applications, but not for authorization of login. So I have to have
an /etc/not.krb5.conf and setenv KRB5_CONFIG to /etc/not.krb5.conf
in my dotfiles. Otherwise login hangs interminably. This is
annoying and frustrating. I haven't gotten around to PR-ing it only
because I haven't had time to think about it.

--jhawk