On Tue, 2005-05-17 at 10:03 -0500, W. Michael Petullo wrote:
I have been using Fedora Core's pam_ccreds package to allow my
laptop to
authenticate users even when it is disconnected from my network's LDAP
server[1]. Recently, logging in to my computer when disconnected began to
fail.
It seems that I was incorrectly relying on nscd to cache information for
long periods of time. Bug 150748 fixed nscd, but made it difficult to
abuse it in the way I require.
After doing some research, I found nss_updatedb, a utility that maintains
a local cache of network directory user and group information. However,
nss_updatedb is not included in Fedora Core.
What is the preferred way to use pam_ccreds on Fedora? Is anyone else
using this PAM module? Is nss_updatedb a prerequisite and, if so, will it
be packaged for Fedora?
I think disconnected authentication is an important feature for Fedora and
would like to help work on it.
You don't really need nss_updatedb, in fact nss_updatedb is totally
unusable in *big* environments), nscd does all the necessary caching as
of FC3 and beyond. What IS missing is integration of pam_ccreds into
authconfig. There's a bug about it somewhere in RH bugzilla and
apparently there's been (an RH internal) patch to authconfig floating
around to add the support for configuring pam_ccreds, too bad it hasn't
made the broad daylights so far despite me asking on a few occasions :-/
- Panu -