pam_ccreds and Fedora
Panu Matilainen
pmatilai at welho.com
Tue May 17 18:53:44 UTC 2005
On Tue, 2005-05-17 at 10:03 -0500, W. Michael Petullo wrote:
> I have been using Fedora Core's pam_ccreds package to allow my laptop to
> authenticate users even when it is disconnected from my network's LDAP
> server[1]. Recently, logging in to my computer when disconnected began to
> fail.
>
> It seems that I was incorrectly relying on nscd to cache information for
> long periods of time. Bug 150748 fixed nscd, but made it difficult to
> abuse it in the way I require.
>
> After doing some research, I found nss_updatedb, a utility that maintains
> a local cache of network directory user and group information. However,
> nss_updatedb is not included in Fedora Core.
>
> What is the preferred way to use pam_ccreds on Fedora? Is anyone else
> using this PAM module? Is nss_updatedb a prerequisite and, if so, will it
> be packaged for Fedora?
>
> I think disconnected authentication is an important feature for Fedora and
> would like to help work on it.
You don't really need nss_updatedb, in fact nss_updatedb is totally
unusable in *big* environments), nscd does all the necessary caching as
of FC3 and beyond. What IS missing is integration of pam_ccreds into
authconfig. There's a bug about it somewhere in RH bugzilla and
apparently there's been (an RH internal) patch to authconfig floating
around to add the support for configuring pam_ccreds, too bad it hasn't
made the broad daylights so far despite me asking on a few occasions :-/
- Panu -
More information about the fedora-devel-list
mailing list