Can log in with either local(shadow) or ldap password

Anthony anthony.berger at cea.fr
Tue Feb 24 07:00:37 UTC 2009


On Monday 23 February 2009 23:17, Les Mikesell wrote:
|> Orion Poplawski wrote:
|> > Gary Greene <greeneg <at> tolharadys.net> writes:
|> >> Problem is, far as I know, without using nss_cache, or something like it 
|> >> (libnss-db and friends, etc), you cannot cache credentials in a truly offline 
|> >> environment like notebooks run into for LDAP credentials using nscd. This 
|> >> coupled with nscd's track-record of silent failures that cannot be fixed 
|> >> reliably make the use of synchronized cached accounts a holy grail.
|> > 
|> > I agree completely.  Would not trust offline auth to nscd.  Haven't looked at
|> > nss_cache/libnss-db.
|> > 
|> > I would like to be able to seed my off-line shadow account password from the
|> > LDAP server, hence the other question about supporting SSHA in /etc/shadow. 
|> > Anything preventing this other than lack of code?
|> 
|> If you really need everyone in the ldap server to be able to log in 
|> offline, can't you run a local ldap instance that syncs when online?
|> 
hi 

have you tried libpam-ccreds...

Description: Pam module to cache authentication credentials
 This package provides the means for Linux workstations to locally
 authenticate using an enterprise identity when the network is unavailable.
 Used in conjunction with the nss_updatedb utility, it provides a mechanism for
 disconnected use of network directories. They are designed to work with
 libpam-ldap and libnss-ldap.
Tag: security::authentication

the authentication works well but you cannot cache accounting information...




