On 20/08/12 17:10, Booker Bense wrote: > On Fri, Aug 10, 2012 at 8:26 PM, Darek M <[email protected]> wrote: >> Hi there, I'm sorry that this won't be strictly limited to Kerberos. >> >> I have an MIT/OpenLDAP set up running in a FreeBSD environment where >> nss_ldap provides user data and kerberos the authentication. >> >> The problem is that when the system goes offline (as it can easily >> happen), logging in becomes near impossible. It takes 5 minutes on a >> console login for LDAP lookups to time out (between DNS lookup >> retries, nss retries, timeouts, etc).
Hi I don't know whether caching is the clue here but we ditched nss-ldap in favour of nss-pam-ldapd. It's faster all around and has a good caching system, nslcd. The switchover from one to the other is really easy and may be worth a try. Cheers, Steve ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
