On Thu, Jul 16, 2009 at 09:41, Gary Greene<greeneg@xxxxxxxxxxxxxx> wrote: > The name service caching daemon (nscd) is a primary cause of difficulties with > name resolution, particularly where winbind is used. Winbind does its own > caching, thus nscd causes double caching which can lead to peculiar problems > during debugging. As a rule, it is a good idea to turn off the name service > caching daemon. I don't doubt the issues with double caching, but perhaps instead of killing the mosquito with a shotgun, it would be more prudent to use /etc/nscd.conf to either turn off credential caching or reduce its TTL to a fraction of winbind's. That said, I'm not sure caching is the issue here - you seem to have found the issue I saw as well (UID check with a completely non-local user). _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list