Welcome to the Linux Foundation Forum!

LDAP Cached Authentication

Hi there!

Ever since I got LDAP to work I've been wondering which is the right way to authenticate laptop users when they can't reach the LDAP server.

I tried a few pam modules such as pam_ccreds and a procedure which involves nss-updatedb and modifying libnss-db. More details can be found here.

That didn't work, but I also read that nss-updatedb is not such a good idea as it downloads the necessary authentication information for all users and not just for those with recent successful authentication. Thus generating a big amount of network traffic.

Which is the right way to go? Is it otherwise impossible to use a laptop with LDAP? I would prefer if I don't have to create a local username on every laptop.

Thanks!

Fede

PS: Using OpenSUSE but I believe it doesn't really make much difference in this case

Comments

  • You may be able to use nscd and tweek the time to live settings.

    man nscd
    man nscd.conf

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Welcome!

It looks like you're new here. Sign in or register to get started.
Sign In

Categories

Upcoming Training