Le lundi 23 février 2009 23:17, Les Mikesell a écrit : |> Orion Poplawski wrote: |> > Gary Greene <greeneg <at> tolharadys.net> writes: |> >> Problem is, far as I know, without using nss_cache, or something like it |> >> (libnss-db and friends, etc), you cannot cache credentials in a truly offline |> >> environment like notebooks run into for LDAP credentials using nscd. This |> >> coupled with nscd's track-record or silent failures that cannot be fixed |> >> reliably make the use of synchronized cached accounts a holy grail. |> > |> > I agree completely. Would not trust offline auth to nscd. Haven't looked at |> > nss_cache/libnss-db. |> > |> > I would like to be able to seed by off-line shadow account password from the |> > LDAP server, hence the other question about supporting SSHA in /etc/shadow. |> > Anything preventing this other than lack of code? |> |> If you really need everyone in the ldap server to be able to log in |> offline, can't you run a local ldap instance that sync's when online? |> hi have you tried libpam-ccreds... Description: Pam module to cache authentication credentials This package provides the means for Linux workstations to locally authenticate using an enterprise identity when the network is unavailable. Used in conjunction with the nss_updatedb utility, it provides a mechanism for disconnected use of network directories. They are designed to work with libpam-ldap and libnss-ldap. Tag: security::authentication the authentification works well but you can not cache accounting information... _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list