Todd Chaffin wrote:
Is it possible to use LDAP from a workstation that has been initialized as an LDAP client but has lost its network connection? A simple way to put it is “can you log in via an LDAP userid on a workstation that has lost its network connectivity?” Is network connectivity a must for LDAP to work after the client has lost network connectivity?

I don't believe so.

There are two different ways you could be doing the authentication.

1) pam_unix_auth with ldap listed in nsswitch.conf.

For this to work, nscd would need to be caching the data for getspnam(). I don't believe it does that even now (it certainly never used to). This is basically the same as files/NIS/NIS+, i.e., getspnam/crypt/strcmp.

2) pam_ldap.

This does an LDAP_BIND to the server and thus requires the server to be present. In this case the server may be configured in such a way that the client can't even see the password data at all, so there is no way the client could have cached that.

Are you really asking about a mobile system that sometimes has to authenticate offline, or just how to log in as a non-system account when the LDAP service isn't available?

--
Darren J Moffat
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
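
The two authentication paths described in the reply above, as an added Python model that is not part of the original message and is not Solaris, nscd or PAM code. `DirectoryServer`, `crypt_standin`, `unix_auth`, `bind_auth` and the `cache_shadow` switch are hypothetical names, the user data is constructed, and PBKDF2 stands in for crypt(3).

```python
import hashlib, hmac, os

def crypt_standin(password, salt):
    # Stand-in for crypt(3): any salted one-way hash shows the same flow.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

class DirectoryServer:
    """Constructed model of the LDAP server; not a real LDAP client or server."""
    def __init__(self, expose_hash):
        self.reachable = True
        self.expose_hash = expose_hash   # may clients read the password hash?
        self.entries = {}

    def add_user(self, name, password):
        salt = os.urandom(16)
        self.entries[name] = (salt, crypt_standin(password, salt))

    def shadow_lookup(self, name):
        if not self.reachable:
            raise ConnectionError("directory unreachable")
        return self.entries.get(name) if self.expose_hash else None

    def bind(self, name, password):
        if not self.reachable:
            raise ConnectionError("directory unreachable")
        entry = self.entries.get(name)
        return entry is not None and hmac.compare_digest(
            entry[1], crypt_standin(password, entry[0]))

def unix_auth(server, name, password, cache, cache_shadow=False):
    """Path 1: getspnam-style lookup, then hash and compare on the client."""
    try:
        entry = server.shadow_lookup(name)
        if entry and cache_shadow:       # assumption: a cache that keeps shadow data
            cache[name] = entry
    except ConnectionError:
        entry = cache.get(name)          # only helps if the entry was cached
        if entry is None:
            return "unavailable"
    if entry is None:
        return "denied"                  # hash not visible to the client
    salt, stored = entry
    ok = hmac.compare_digest(stored, crypt_standin(password, salt))
    return "ok" if ok else "denied"

def bind_auth(server, name, password):
    """Path 2: the server checks the password; nothing is kept on the client."""
    try:
        return "ok" if server.bind(name, password) else "denied"
    except ConnectionError:
        return "unavailable"
```

With `cache_shadow` left off, both paths return "unavailable" once the server is unreachable; path 1 only survives an outage when a password hash readable by the client has been stored locally, which is also the material an attacker with access to the workstation could take offline.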