[CentOS] LDAP / NSCD shadow caching problem

Todd Denniston Todd.Denniston at tsb.cranrdte.navy.mil
Thu Jul 15 15:52:09 UTC 2010 

Brian Marshall wrote, On 07/15/2010 11:37 AM:
> Yes but I have worked in many organizations that use directory services for authentication and my machines with them have always cached authentication data so I can login if I'm not online. I can't expect laptop users to always have a network connection. If Mac OS and Windows can manage to cache network authentication for offline use, I can't believe that linux does not have this capability. 
> 
> Perhaps my wanting to cache my shadow data or use nscd for this purpose is not the correct way to achieve this. But the only other well discussed option I have found is nsscache which doesn't seem to work very well and their library doesn't seem to install on centos 5. Unfortunately I'm way to much of a hack C programmer to fix it, especially since they don't provide a configure file. 
> 
> So, assuming maybe we put the conversation of nscd shadow caching aside and just talk about how to cache ldap data on a centos system so it can authenticate users in the absence of a network. Creating local passwd/group/shadow data is not an option.
> 
> Again, I can't stress this enough. I am convinced I am doing something wrong or going about this the wrong way. I'm just not understanding how to either fix the problem at hand or solve it another or proper way.
> 
> Any advice?

authconfig -help

authconfig --enablecache --update

For some of the folks I work with, it works quite reliably, I on the other hand have had problems
_because_ it caches the info.


> 
> Thanks 
> 
> Brian
> 
> On Jul 15, 2010, at 4:58 AM, Alexander Dalloz wrote:
> 
>>> The problem I am having is that shadow does not seem to get cached by
>>> nscd. Here's how I have tracked this down.
>> NSCD not caching shadow user credentials is a fact. There is nothing wrong
>> with your configuration. NSCD just does not do what you seem to expect
>> from it. You can't make it what you like to.
>>
>> If your LDAP server is gone, you will not be able to login. Run a replica
>> server to avoid a single point of failure.
>>
>>> Brian
>> Alexander
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 


-- 
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter

More information about the CentOS mailing list