Can log in with either local(shadow) or ldap password
Les Mikesell
les at futuresource.com
Mon Feb 23 22:17:46 UTC 2009
Orion Poplawski wrote:
> Gary Greene <greeneg <at> tolharadys.net> writes:
>> Problem is, far as I know, without using nss_cache, or something like it
>> (libnss-db and friends, etc), you cannot cache credentials in a truly offline
>> environment like notebooks run into for LDAP credentials using nscd. This
>> coupled with nscd's track-record or silent failures that cannot be fixed
>> reliably make the use of synchronized cached accounts a holy grail.
>
> I agree completely. Would not trust offline auth to nscd. Haven't looked at
> nss_cache/libnss-db.
>
> I would like to be able to seed by off-line shadow account password from the
> LDAP server, hence the other question about supporting SSHA in /etc/shadow.
> Anything preventing this other than lack of code?
If you really need everyone in the ldap server to be able to log in
offline, can't you run a local ldap instance that sync's when online?
--
Les Mikesell
lesmikesell at gmail.com
More information about the Pam-list
mailing list