On Tue, 2005-05-17 at 10:03 -0500, W. Michael Petullo wrote: > I have been using Fedora Core's pam_ccreds package to allow my laptop to > authenticate users even when it is disconnected from my network's LDAP > server[1]. Recently, logging in to my computer when disconnected began to > fail. > > It seems that I was incorrectly relying on nscd to cache information for > long periods of time. Bug 150748 fixed nscd, but made it difficult to > abuse it in the way I require. > > After doing some research, I found nss_updatedb, a utility that maintains > a local cache of network directory user and group information. However, > nss_updatedb is not included in Fedora Core. > > What is the preferred way to use pam_ccreds on Fedora? Is anyone else > using this PAM module? Is nss_updatedb a prerequisite and, if so, will it > be packaged for Fedora? > > I think disconnected authentication is an important feature for Fedora and > would like to help work on it. You don't really need nss_updatedb, in fact nss_updatedb is totally unusable in *big* environments), nscd does all the necessary caching as of FC3 and beyond. What IS missing is integration of pam_ccreds into authconfig. There's a bug about it somewhere in RH bugzilla and apparently there's been (an RH internal) patch to authconfig floating around to add the support for configuring pam_ccreds, too bad it hasn't made the broad daylights so far despite me asking on a few occasions :-/ - Panu - -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-devel-list
