Hi Johan,

Johan Hartzenberg wrote on Mon 27. 10. 2008 at 20:20 +0200:
> On Mon, Oct 27, 2008 at 6:25 PM, Josh Rivel <[EMAIL PROTECTED]> wrote:
> > Does not seem to work and then local accounts (i.e. root) are
> > not seen as valid ones unless LDAP is down (which is not what
> > we need). We just need a single account to only be able to
> > login if LDAP is down. I suppose I could put something into
> > that user's .profile checking for the LDAP server and if it's
> > there to log itself out sort of thing. Not ideal, but might
> > suit the purpose for now.
>
> How about create an account locally AND in LDAP, but the one in LDAP
> is set to not be able to login.
>
> Then in nsswitch.conf you set it to check ldap before files.
>
> I'm not sure though, whether "cached" information may cause it to fail
> - e.g. if the user tries to login with the admin account and shortly
> after, while it is still cached on the system, ldap becomes
> unavailable... That system may continue to refuse access to the
> specific account based on cached information (which could then be
> solved by a reboot)

Login is not cached and it's pam.conf relevant (mostly).

Best regards,
Milan
