On Fri, 2011-11-18 at 15:55 +1100, Jiri Kanicky wrote:
> Another good repro of the problem is that I log in using cached 
> credentials, open Konsole (in KDE) and type "su". There is a waiting 
> period of approx. 5 seconds, then an error. (It does not even offer to type the 
> password.)

I understand you are caching with nscd and libpam-ccreds. There are some
known issues with interaction between the NSS module and nscd where the
cache may end up being invalidated. It seems that if an NSS module
returns a temporary error code instead of a permanent failure code nscd
uses a cached value instead of reporting an error. That could explain
some of the issues you're having.

Some background on this issue can be found here:
  http://sources.redhat.com/bugzilla/show_bug.cgi?id=2132
If you are willing to test, I can provide a patch that makes the NSS
module return a different error code.

Another thing is the delays. Since nslcd always tries to connect to the
LDAP server several times on failures there will always be some delay.
However, nslcd should fail rather quickly if connecting to the LDAP
server failed before. You can tune the delay with the bind_timelimit,
timelimit, reconnect_sleeptime and reconnect_retrytime options.

Kind regards,

-- 
-- arthur - [email protected] - http://people.debian.org/~adejong --
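
The four timing options named in the reply above, shown as an nslcd.conf fragment. This is an added example, not part of the original message; the values are illustrative assumptions for a machine that is often away from its LDAP server, not settings recommended in the thread.

```conf
# /etc/nslcd.conf (fragment) - constructed example values

# Seconds allowed for setting up the connection to the LDAP server.
# Applies to connection set-up only, not to searches.
bind_timelimit 3

# Seconds to wait for a response to a search.
# 0 means wait indefinitely, so an explicit limit bounds lookup time.
timelimit 5

# Seconds to sleep between retries when connecting to all
# configured LDAP servers has failed.
reconnect_sleeptime 1

# Seconds after which the server is treated as unavailable;
# past this point a retry is attempted only once per this period,
# which is what lets later lookups fail quickly.
reconnect_retrytime 5
```

nslcd reads its configuration at start-up, so restart the daemon after changing these values.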
