On 2013-06-26, Brett Lymn <[email protected]> wrote:
> On Tue, Jun 25, 2013 at 10:33:23AM +0200, Ingo Schwarze wrote:
>> Ioana b wrote on Mon, Jun 24, 2013 at 06:37:04AM -0700:
>>
>> > is there any kind of "name service cache" system like nscd for linux
>> > available any time soon? It would be helpful to have a cache for the
>> > users password in case the authentication system is unavailable.
>>
>> Let's *not* do that. I experienced PITA many times on Linux
>> because of outdated cache entries and users complaining "thank
>> you for changing/updating/fixing my account data, but somehow
>> it still doesn't seem to work..." - me: "did you try on one of
>> our OpenBSD hosts?" - user: "yes, it does work fine there."
>>
>> See the problem?
>>
>
> Yup, lack of nscd -i by the sysadmin...
>

Do you mean you have to run a command on a potentially large number of client machines to pick up the fact that you've just disabled a compromised account? That doesn't sound optimal.

