[CentOS] LDAP / NSCD shadow caching problem
Gordon Messmer
yinyang at eburg.com
Fri Jul 16 00:09:35 UTC 2010
On 07/15/2010 10:26 AM, Brian Marshall wrote:
> Then am I misinterpreting the fact that getent shadow returns data on
> ldap users when ldap is up but not when it's down?
It would be unusual, but not impossible for "getent shadow ..." to have
the password hashes available. If that is the case, you have a
relatively poorly secured LDAP server.
On the other hand, it's fairly common for "getent shadow ..." to show
you the shadow information other than the password hashes.
In neither case will nscd allow you to log in to the machine when the
network is down. nscd is the wrong tool for this.
> I guess I don't
> understand where that shadow data comes from when LDAP is up.
I didn't meant to imply that the LDAP server wouldn't supply anything at
all, just that most of them won't hand out password hashes.
> I just did some brief testing on installing sssd and there's a ton of
> fedora packages I'll need to pull. Is anyone aware of any successful
> attempts in using sssd on CentOS 5?
Did you build it from source or were you trying to install one of the
binary packages? You'll definitely want to build from source.
More information about the CentOS
mailing list