LDAP Cached Authentication

Link to this post 14 Dec 09

Hi there!

Ever since I got LDAP to work I've been wondering which is the right way to authenticate laptop users when they can't reach the LDAP server.

I tried a few pam modules such as pam_ccreds and a procedure which involves nss-updatedb and modifying libnss-db. More details can be found here.

That didn't work, but I also read that nss-updatedb is not such a good idea as it downloads the necessary authentication information for all users and not just for those with recent successful authentication. Thus generating a big amount of network traffic.

Which is the right way to go? Is it otherwise impossible to use a laptop with LDAP? I would prefer if I don't have to create a local username on every laptop.



PS: Using OpenSUSE but I believe it doesn't really make much difference in this case

Link to this post 15 Dec 09

You may be able to use nscd and tweek the time to live settings.

man nscd
man nscd.conf

Who we are ?

The Linux Foundation is a non-profit consortium dedicated to the growth of Linux.

More About the foundation...

Frequent Questions

Join / Linux Training / Board