| I want to use centos-ds 8 for centralized authentication. I believe this is derived from fedora-ds 1.1. I want to know what is the best practice for storing posixgroups. In the envent that no DS is available, I want all of my system accounts to function as normal. If I use LDAP to store posixgroups, then all accounts will hang during login if my DS is down. I understand the reason is that even a local user must look at ldap to see what other groups this user belongs to. Is this something I should be concerned with? Or will services that are already running before loosing access to DS function as normal? I have several processes which use ssh to run commands on other machines. I imagine that this will fail, or be extremely delayed waiting for ldap to timeout. Two things that I could think of which could ease this problem a little. 1. Can I set nsswitch to give up on ldap after x seconds? Thus allowing local users to login without a major delay. 2. Can nscd 'not' expire records if it cannot contact ldap? |
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
