# Caching credentials from LDAP/Kerberos when offline; how?

## VinzC

Hi.

I'd like to setup a complete server and workstation infrastructure with LDAP (possibly with Kerberos). Currently I already have the server and it's working quite fine. I've tried to secure authentication as much as possible to avoid sending passwords in clear form over the network. My workstations are Windows but I'd like to migrate a few workstations to GNU/Linux. I'm mostly interested in migrating laptops.

The only unresolved issue with Gentoo is I haven't figured out how to cache credentials when laptops are offline. First I've seen pam_ccred is not in portage (yet?) so I wonder why. Is there a security issue Gentoo maintainers don't want to propagate?

Otherwise can a clever kerberos setup achieve credential caching? I've already done a little work with Kerberos authentication; with my preferred, working setup passwords aren't stored in the LDAP server. But I've not explored Kerberos very deeply so any hint or suggestion is welcome.

Thanks in advance.

----------

## VinzC

So I guess I'm all by myself on this one...

----------

## KShots

No, you're not the only one... I was looking for this a couple weeks ago, and there's an ebuild in the rion-overlay (layman -a rion) according this this bug report. Oddly enough, a google search turned up nothing but your post (the information I just gave is not found on google) - I just did a search for pam_ccred on bugs.gentoo.org.

----------

## VinzC

 :Laughing: 

Thanks a lot for the info. Will try it.

----------

## Claer

SSSD looks to be much more promising

http://gpo.zugaina.org/sys-auth/sssd

----------

## VinzC

For just a brief moment I thought your post was spam  :Very Happy:  .

Thanks for the hint.

----------

