[CentOS] LDAP / NSCD shadow caching problem
Todd Denniston
Todd.Denniston at tsb.cranrdte.navy.mil
Thu Jul 15 15:52:09 UTC 2010
Brian Marshall wrote, On 07/15/2010 11:37 AM:
> Yes, but I have worked in many organizations that use directory services for authentication, and my machines with them have always cached authentication data so I can log in if I'm not online. I can't expect laptop users to always have a network connection. If Mac OS and Windows can manage to cache network authentication for offline use, I can't believe that Linux does not have this capability.
>
> Perhaps my wanting to cache my shadow data or use nscd for this purpose is not the correct way to achieve this. But the only other well discussed option I have found is nsscache which doesn't seem to work very well and their library doesn't seem to install on centos 5. Unfortunately I'm way too much of a hack C programmer to fix it, especially since they don't provide a configure file.
>
> So, assuming maybe we put the conversation of nscd shadow caching aside and just talk about how to cache ldap data on a centos system so it can authenticate users in the absence of a network. Creating local passwd/group/shadow data is not an option.
>
> Again, I can't stress this enough. I am convinced I am doing something wrong or going about this the wrong way. I'm just not understanding how to either fix the problem at hand or solve it another or proper way.
>
> Any advice?
authconfig -help
authconfig --enablecache --update
For some of the folks I work with, it works quite reliably; I, on the other hand, have had problems _because_ it caches the info.
>
> Thanks
>
> Brian
>
> On Jul 15, 2010, at 4:58 AM, Alexander Dalloz wrote:
>
>>> The problem I am having is that shadow does not seem to get cached by
>>> nscd. Here's how I have tracked this down.
>> NSCD not caching shadow user credentials is a fact. There is nothing wrong
>> with your configuration. NSCD just does not do what you seem to expect
>> from it. You can't make it what you like to.
>>
>> If your LDAP server is gone, you will not be able to login. Run a replica
>> server to avoid a single point of failure.
>>
>>> Brian
>> Alexander
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
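
To see what the cache enabled by `authconfig --enablecache` actually covers, the script below (an added example, not part of the original message) reads an nscd.conf and lists the databases with caching turned on, which makes the thread's point visible: shadow is not among them. The function names and the sample config are constructed for this example; on a real host pass /etc/nscd.conf instead.

```shell
#!/bin/bash
# Added example: report which databases an nscd.conf has caching enabled for.

# Print every service with "enable-cache <service> yes", one per line, sorted.
# If a service is listed twice, this script takes the last entry
# (an assumption of this example, not documented nscd behaviour).
nscd_cached_services() {
    awk '
        { sub(/#.*/, "") }                          # drop comments
        $1 == "enable-cache" && NF >= 3 { state[$2] = $3 }
        END { for (s in state) if (state[s] == "yes") print s }
    ' "$1" | sort
}

# Return 0 if service $2 is cached according to config file $1.
nscd_caches() {
    nscd_cached_services "$1" | grep -qx -- "$2"
}

# Constructed sample config (not taken from a real system).
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
# constructed nscd.conf excerpt
	enable-cache		passwd		yes
	positive-time-to-live	passwd		600
	enable-cache		group		yes
	enable-cache		hosts		no    # DNS left to the resolver
EOF

# Report on the databases a login depends on.
for db in passwd group shadow; do
    if nscd_caches "$sample_conf" "$db"; then
        echo "$db: cached by nscd"
    else
        echo "$db: NOT cached, lookups still need the LDAP server"
    fi
done
```

Account and group names can be answered from the cache, but password verification still has to reach the directory, so a cached passwd entry alone does not allow an offline login.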