Ever since I got LDAP to work I've been wondering which is the right way to authenticate laptop users when they can't reach the LDAP server.
I tried a few pam modules such as pam_ccreds and a procedure which involves nss-updatedb and modifying libnss-db. More details can be found here.
That didn't work, but I also read that nss-updatedb is not such a good idea as it downloads the necessary authentication information for all users and not just for those with recent successful authentication. Thus generating a big amount of network traffic.
Which is the right way to go? Is it otherwise impossible to use a laptop with LDAP? I would prefer if I don't have to create a local username on every laptop.
PS: Using OpenSUSE but I believe it doesn't really make much difference in this case