[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Freeipa-devel] FreeIPA and mobile users



Is anyone thinking about how to integrate mobile users into a FreeIPA
network?

When a laptop is away from a LAN, its owner should still be able to log
in. Windows allows one to do this -- account information is cached.

The pam_ccreds module will cache account information, but does not work
with SELinux, see [1].

nss_updatedb will maintain a local cache of network directory user and
group information. However, people have commented that this may not be
a good solution for large installations because all information is cached.

nscd will also cache directory information, but it isn't really meant
to support disconnected operations. For example, while the timeout period
of cached information can be increased, it will supercede the server's
information if it was updated during this period. So, there may be
discontinuity when a laptop is reconnected to a network whose directory
has changed. See [2].

Some notes I have taken on this issue are available at [3].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=154133
[2] http://sources.redhat.com/bugzilla/show_bug.cgi?id=2132
[3] http://www.flyn.org/laptopldap/laptopldap.html

--
Mike


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]