Re: LDAP / NSCD shadow caching problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On 07/15/2010 10:26 AM, Brian Marshall wrote:
> Then am I misinterpreting the fact that getent shadow returns data on
> ldap users when ldap is up but not when it's down?

It would be unusual, but not impossible for "getent shadow ..." to have 
the password hashes available.  If that is the case, you have a 
relatively poorly secured LDAP server.

On the other hand, it's fairly common for "getent shadow ..." to show 
you the shadow information other than the password hashes.

In neither case will nscd allow you to log in to the machine when the 
network is down.  nscd is the wrong tool for this.

> I guess I don't
> understand where that shadow data comes from when LDAP is up.

I didn't meant to imply that the LDAP server wouldn't supply anything at 
all, just that most of them won't hand out password hashes.

> I just did some brief testing on installing sssd and there's a ton of
> fedora packages I'll need to pull. Is anyone aware of any successful
> attempts in using sssd on CentOS 5?

Did you build it from source or were you trying to install one of the 
binary packages?  You'll definitely want to build from source.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux