Re: Cached credentials and password expiration

From: Scott Lowe (slowe-NOSPAM_at_NOSPAM-mercurionsystems.com)
Date: 01/04/05


Date: Mon, 3 Jan 2005 22:02:17 -0500

On 2005-01-03 21:20:49 -0500, "Herb Martin" <news@LearnQuick.com> said:

>>> The key here is (I believe) that you can only use
>>> cached credentials IF your computer cannot find
>>> a DC to authenticate itself.
>>
>> We know that given the current VPN connection method, users DO NOT have
>> access to a domain controller during the logon process. However, they
>> are connected to the VPN on a very regular basis, since the VPN
>> connection provides their *only* way to check e-mail and access other
>> mission-critical enterprise applications. The real question is, does
>> this regular (non-logon) network connectivity affect the cached
>> credentials and how they behave over time?
>
> Well, users might not, but how about the IAS server?
>
> Doesn't it authenticate the user through AD?

There is no IAS server in place in this environment currently; that is
slated to be added soon. In either event, the presence or absence of
an IAS server to perform RADIUS authentication does not affect
connectivity to the DCs during the logon process. (IAS will handle the
VPN authentication against AD, but that doesn't address logon
authentication--we need an updated VPN client for that.)

So...bottom line is this: To the best of everyone's knowledge thus
far, the cached credentials do not also store password information
expiration, and therefore the expiration of a user's password on the
domain should not affect their ability to log on locally with cached
credentials. Is that correct?

Does anyone know under what circumstances it is possible for cached
credentials to be damaged or corrupted and not function correctly any
longer?

TIA.

-- 
Scott Lowe
Mercurion Systems, Inc.

