Skip to content
    • Welcome to the Linux Foundation Forum!

    LDAP Cached Authentication

    Posts: 9
    in Linux Security

    Hi there!

    Ever since I got LDAP to work I've been wondering which is the right way to authenticate laptop users when they can't reach the LDAP server.

    I tried a few pam modules such as pam_ccreds and a procedure which involves nss-updatedb and modifying libnss-db. More details can be found here.

    That didn't work, but I also read that nss-updatedb is not such a good idea as it downloads the necessary authentication information for all users and not just for those with recent successful authentication. Thus generating a big amount of network traffic.

    Which is the right way to go? Is it otherwise impossible to use a laptop with LDAP? I would prefer if I don't have to create a local username on every laptop.

    Thanks!

    Fede

    PS: Using OpenSUSE but I believe it doesn't really make much difference in this case

    Comments

    • Posts: 3
      You may be able to use nscd and tweek the time to live settings.

      man nscd
      man nscd.conf

    Welcome!

    It looks like you're new here. Sign in or register to get started.
    Sign In

    Welcome!

    It looks like you're new here. Sign in or register to get started.
    Sign In

    Quick Links

    Categories

    Upcoming Training