[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Can log in with either local(shadow) or ldap password

From: Orion Poplawski <orion cora nwra com>
To: Pam-list redhat com
Cc:
Subject: Re: Can log in with either local(shadow) or ldap password
Date: Mon, 23 Feb 2009 22:13:11 +0000 (UTC)

Gary Greene <greeneg <at> tolharadys.net> writes:
> 
> Problem is, far as I know, without using nss_cache, or something like it 
> (libnss-db and friends, etc), you cannot cache credentials in a truly offline 
> environment like notebooks run into for LDAP credentials using nscd. This 
> coupled with nscd's track-record or silent failures that cannot be fixed 
> reliably make the use of synchronized cached accounts a holy grail.

I agree completely.  Would not trust offline auth to nscd.  Haven't looked at
nss_cache/libnss-db.

I would like to be able to seed by off-line shadow account password from the
LDAP server, hence the other question about supporting SSHA in /etc/shadow. 
Anything preventing this other than lack of code?

- Orion

Follow-Ups:
- Re: Can log in with either local(shadow) or ldap password
  - From: Les Mikesell

References:
- Can log in with either local(shadow) or ldap password
  - From: Orion Poplawski
- Re: Can log in with either local(shadow) or ldap password
  - From: RB
- Re: Can log in with either local(shadow) or ldap password
  - From: Gary Greene

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]