lists.arthurdejong.org

Re: [nssldap] Re: disconnected nss_ldap




On Sat, Oct 24, 2009 at 03:49, Ryan Lynch <ryan.b.lynch@gmail.com> wrote:
> On Sat, Oct 24, 2009 at 02:17, Brian J. Murrell <brian@interlinx.bc.ca> wrote:
>> On Sat, 2009-10-24 at 01:38 -0400, Brian J. Murrell wrote:
>>>
>>> But as soon as the LDAP server is available again, ssh to the node works
>>> just fine.
>>
>> I fixed this.  This is because of pam_unix's account mode.  It wants to
>> verify the shadow entry when the passwd entry contains a "x" for the
>> password -- hence my previous thread about fixing this in nss_ldap.
>> Adding broken_shadow to pam_unix's entry in the account mode works
>> around it.
>
> So nscd IS caching shadow info (password hashes), for you? I didn't
> think it would handle that, but I guess it makes sense. In that case,
> I'm not sure if there's an advantage to using 'pam_ccreds' and
> 'pam_ldap' over nscd's shadow caching.

Wrong again--I just noticed your other thread, where you mentioned
that you're using Kerberos to authenticate. I had no idea, I thought
you were doing pure LDAP.