[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Google
  Web www.spinics.net

Re: Can log in with either local(shadow) or ldap password



Orion Poplawski wrote:
Gary Greene <greeneg <at> tolharadys.net> writes:
Problem is, far as I know, without using nss_cache, or something like it (libnss-db and friends, etc), you cannot cache credentials in a truly offline environment like notebooks run into for LDAP credentials using nscd. This coupled with nscd's track-record or silent failures that cannot be fixed reliably make the use of synchronized cached accounts a holy grail.

I agree completely.  Would not trust offline auth to nscd.  Haven't looked at
nss_cache/libnss-db.

I would like to be able to seed by off-line shadow account password from the
LDAP server, hence the other question about supporting SSHA in /etc/shadow. Anything preventing this other than lack of code?

If you really need everyone in the ldap server to be able to log in offline, can't you run a local ldap instance that sync's when online?

--
  Les Mikesell
   lesmikesell@xxxxxxxxx

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

Add to Google Powered by Linux