On Wed, May 28, 2008 at 9:02 AM, Jeffrey Altman <
jaltman@secure-endpoints.com> wrote:

> David Bear wrote:
>
>> We have the challenge of supporting very mobile users who may hop between
>> many wireless networks. These machine are joined to an AD domain so when
>> they hop on to a wireless network, they are logged on using whatever
>> credentials windows has cached. This seems to cause an issue for KfW
>> and/or
>> Openafs. I am wondering of KfW handles the situation where it cannot
>> contact
>> a KDC becuase there is no network path available because windows hasn't
>> connected to any network. Can KfW be instructed to wait a certain time
>> period for trying to get a tgt? Or, can KfW wait for an event, like the
>> availability of a wireless network -- and then contact the kdc for
>> credentials?
>>
>> KFW does not cache the user's password. If the KDC is not reachable

> during logon, the user will not obtain credentials.
>
> The user can obtain credentials at a later time using Network Identity
> Manager. You can configure NetIdMgr to monitor network connectivity and
> prompt the user to obtain credentials if s/he has none.
>
>
> Then we should configured KfW to NOT get credentials at logon, and set it

to prompt for logon when the network becomes active? I think I found that
setting in NiM under options->general (uncheck obtain new credentials at
startup).

monitor network activity is also currently checked. I assume that is what
needs to be checked to have NiM prompt for logon when available?


--
David Bear
College of Public Programs at ASU
602-464-0424