On 07/15/2010 10:26 AM, Brian Marshall wrote: > Then am I misinterpreting the fact that getent shadow returns data on > ldap users when ldap is up but not when it's down? It would be unusual, but not impossible for "getent shadow ..." to have the password hashes available. If that is the case, you have a relatively poorly secured LDAP server. On the other hand, it's fairly common for "getent shadow ..." to show you the shadow information other than the password hashes. In neither case will nscd allow you to log in to the machine when the network is down. nscd is the wrong tool for this. > I guess I don't > understand where that shadow data comes from when LDAP is up. I didn't meant to imply that the LDAP server wouldn't supply anything at all, just that most of them won't hand out password hashes. > I just did some brief testing on installing sssd and there's a ton of > fedora packages I'll need to pull. Is anyone aware of any successful > attempts in using sssd on CentOS 5? Did you build it from source or were you trying to install one of the binary packages? You'll definitely want to build from source.