Caching support in authtool

Bug #104679 reported by Petr Ferschmann
Affects Status Importance Assigned to Milestone
authtool (Ubuntu)

Bug Description

Binary package hint: authtool

I haven't found where to sent features, so I am using this:

We are using LDAP for authentication even on laptops. We have quiet small LDAP database (< 100MiB) without kerberos. Because laptop needs to work even when offline or when connected to network without internet access.

Using this in /etc/nsswitch.conf can lockup computer sometime (network problems).
passwd: files ldap
group: files ldap

Therefore we use this list of packages: libnss-ldap nss-updatedb (for LDAP auth we have this libpam-ccreds libpam-ldap )

in /etc/nsswitch.conf I have this:
passwd: files db
group: files db

/etc/libnss-ldap.conf is configured as usually.

Every hour I run program:
fping ldap.server && nss_updatedb ldap

It downloads the LDAP database to /var/lib/misc/ every hour. The configuration is read from this location by the NSS. The current package version of nss_updatedb has a problem when LDAP server is not available - therefore the fping command.

Advantage is that it is always working.

For authentication we use ccreds to locally store password and LDAP is not available to authenticate against it.

auth [user_unknown=ignore authinfo_unavail=ignore default=done] nullok_secure
auth [authinfo_unavail=ignore success=1 default=2] use_first_pass debug
auth [default=done] action=validate use_first_pass
auth [default=done] action=store use_first_pass
auth [default=bad] action=update use_first_pass

Changed in authtool:
importance: Undecided → Wishlist
status: Unconfirmed → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.