systematic Kerberization

Ronny Buchmann ronny-vlug at vlugnet.org
Tue May 11 20:54:26 UTC 2004


On Tuesday 11 May 2004 19:19, Panu Matilainen wrote:
> I wrote a "pam_cache" module as a quick experiment a couple of years
> ago which grabs the essential user+auth information from LDAP when you
> login while connected to the network, rewrites the info to /etc/passwd &
> friends and thus keeps the accounts more-or-less in sync. It sorta
> worked but boy it was ugly :)
Doesn't sound too bad,
but I think it shouldn't change /etc/passwd but some /var/cache/pam or the like.
And it should have some timeout (which of course only makes sense if the
hardware clock cannot be changed by the regular user).

> PADL has started some work towards this:
> http://www.padl.com/OSS/pam_ccreds.html and
> http://www.padl.com/OSS/nss_updatedb.html
> However the way it currently works is that it dumps the whole contents
> of user and group information from a directory to the local disk, which
> isn't really acceptable with tens of thousands of users and groups...
that sounds *really* ugly

-- 
http://LinuxWiki.org/RonnyBuchmann
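
The timeout caveat raised in the message above, as an added example that is not part of the original message and not code from pam_cache, pam_ccreds or nss_updatedb: an expiry check for a cached account entry that also refuses the entry when the wall clock is earlier than the last time the cache was consulted. The record format `user:cached_at:last_seen`, the struct, and all function names are hypothetical; the check assumes the cache file is writable only by root, and it only catches a clock set back below the last observed time.

```c
#include <stdio.h>

/* Hypothetical cache record, one per line: "user:cached_at:last_seen". */
struct cache_entry {
    char user[64];
    long long cached_at;  /* when the entry was last refreshed from the directory */
    long long last_seen;  /* latest wall-clock time observed at any earlier check */
};

enum cache_verdict { CACHE_OK, CACHE_EXPIRED, CACHE_CLOCK_ROLLBACK, CACHE_MALFORMED };

/* Parse one record; accept exactly three fields, optional trailing whitespace. */
static int parse_entry(const char *line, struct cache_entry *e)
{
    char extra;
    if (sscanf(line, "%63[^:]:%lld:%lld %c",
               e->user, &e->cached_at, &e->last_seen, &extra) != 3)
        return -1;
    if (e->cached_at < 0 || e->last_seen < e->cached_at)
        return -1;  /* timestamps that cannot have been written by a sane cache */
    return 0;
}

/* Decide whether the entry may back an offline login at wall-clock time `now`. */
static enum cache_verdict check_entry(struct cache_entry *e, long long now, long long max_age)
{
    if (now < e->last_seen)
        return CACHE_CLOCK_ROLLBACK;  /* clock was set back: do not trust the timeout */
    e->last_seen = now;               /* caller is expected to write the record back */
    if (now - e->cached_at > max_age)
        return CACHE_EXPIRED;
    return CACHE_OK;
}

static enum cache_verdict check_line(const char *line, long long now, long long max_age)
{
    struct cache_entry e;
    if (parse_entry(line, &e) != 0)
        return CACHE_MALFORMED;
    return check_entry(&e, now, max_age);
}

int main(void)
{
    const char *line = "alice:1000:1500";  /* constructed sample record */
    printf("%d %d %d\n", check_line(line, 2000, 3600),
           check_line(line, 9000, 3600), check_line(line, 1200, 3600));
    return 0;
}
```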





More information about the fedora-devel-list mailing list