
LDAP Cached Authentication

Hi there!

Ever since I got LDAP to work I've been wondering which is the right way to authenticate laptop users when they can't reach the LDAP server.

I tried a few PAM modules such as pam_ccreds and a procedure which involves nss-updatedb and modifying libnss-db. More details can be found here.

That didn't work, but I also read that nss-updatedb is not such a good idea, as it downloads the necessary authentication information for all users and not just for those with recent successful authentication, thus generating a large amount of network traffic.

Which is the right way to go? Is it otherwise impossible to use a laptop with LDAP? I would prefer if I don't have to create a local username on every laptop.

Thanks!

Fede

PS: Using openSUSE, but I believe it doesn't really make much difference in this case.

Comments

  • You may be able to use nscd and tweak the time-to-live settings.

    man nscd
    man nscd.conf
