pam_ccreds and Fedora

Panu Matilainen pmatilai at welho.com
Tue May 17 18:53:44 UTC 2005


On Tue, 2005-05-17 at 10:03 -0500, W. Michael Petullo wrote:
> I have been using Fedora Core's pam_ccreds package to allow my laptop to
> authenticate users even when it is disconnected from my network's LDAP
> server[1].  Recently, logging in to my computer when disconnected began to
> fail.
> 
> It seems that I was incorrectly relying on nscd to cache information for
> long periods of time.  Bug 150748 fixed nscd, but made it difficult to
> abuse it in the way I require.
> 
> After doing some research, I found nss_updatedb, a utility that maintains
> a local cache of network directory user and group information.  However,
> nss_updatedb is not included in Fedora Core.
> 
> What is the preferred way to use pam_ccreds on Fedora?  Is anyone else
> using this PAM module?  Is nss_updatedb a prerequisite and, if so, will it
> be packaged for Fedora?
> 
> I think disconnected authentication is an important feature for Fedora and
> would like to help work on it.

You don't really need nss_updatedb, in fact nss_updatedb is totally
unusable in *big* environments), nscd does all the necessary caching as
of FC3 and beyond. What IS missing is integration of pam_ccreds into
authconfig. There's a bug about it somewhere in RH  bugzilla and
apparently there's been (an RH internal) patch to authconfig floating
around to add the support for configuring pam_ccreds, too bad it hasn't
made the broad daylights so far despite me asking on a few occasions :-/

	- Panu -




More information about the fedora-devel-list mailing list