Public bug reported:
Binary package hint: authtool
I haven't found where to send features, so I am using this:
We are using LDAP for authentication even on laptops. We have quite a
small LDAP database (< 100MiB) without Kerberos. Because a laptop needs to
work even when offline or when connected to a network without internet
access.
Using this in /etc/nsswitch.conf can lock up the computer sometimes (network
problems):
passwd: files ldap
group: files ldap
Therefore we use this list of packages: libnss-ldap nss-updatedb
(for LDAP auth we have these: libpam-ccreds libpam-ldap)
In /etc/nsswitch.conf I have this:
passwd: files db
group: files db
/etc/libnss-ldap.conf is configured as usual.
Every hour I run the program:
fping ldap.server && nss_updatedb ldap
It downloads the LDAP database to /var/lib/misc/ every hour. The
configuration is read from this location by the NSS. The current package
version of nss_updatedb has a problem when the LDAP server is not available
- therefore the fping command.
The advantage is that it always works.
For authentication we use ccreds to locally store the password and LDAP is
not available to authenticate against it:
auth [user_unknown=ignore authinfo_unavail=ignore default=done] pam_unix.so nullok_secure
auth [authinfo_unavail=ignore success=1 default=2] pam_ldap.so use_first_pass debug
auth [default=done] pam_ccreds.so action=validate use_first_pass
auth [default=done] pam_ccreds.so action=store use_first_pass
auth [default=bad] pam_ccreds.so action=update use_first_pass
** Affects: authtool (Ubuntu)
Importance: Undecided
Status: Unconfirmed
--
Caching support in authtool
https://bugs.launchpad.net/bugs/104679
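
The following is an added example, not part of the original report or of any package it names: a simplified Python model of how libpam walks the five auth lines quoted above, showing which modules run and what the stack returns when LDAP is reachable or not. The per-module return codes in SCENARIOS are constructed inputs, and treating a numeric jump as contributing nothing to the result is a modelling assumption.

```python
# Simplified model of libpam's walk over the auth stack quoted in the report.
# Control brackets are copied from the report; everything else is illustrative.
STACK = [
    ("pam_unix", {"user_unknown": "ignore", "authinfo_unavail": "ignore", "default": "done"}),
    ("pam_ldap", {"authinfo_unavail": "ignore", "success": 1, "default": 2}),
    ("ccreds_validate", {"default": "done"}),
    ("ccreds_store", {"default": "done"}),
    ("ccreds_update", {"default": "bad"}),
]

def authenticate(returns):
    """returns maps module name -> return code; gives (final_status, modules_run)."""
    status, impression, ran, i = "success", None, [], 0
    while i < len(STACK):
        name, control = STACK[i]
        rc = returns[name]
        ran.append(name)
        action = control.get(rc, control["default"])
        i += 1
        if action == "ignore":            # return code does not count
            continue
        if isinstance(action, int):       # jump over the next N modules
            i += action                   # (assumption: no effect on the result)
            continue
        if action == "bad":               # first failure marks the whole stack failed
            if impression != "negative":
                impression, status = "negative", rc
            continue
        # "done": count this return code, then stop walking the stack
        if impression is None or (impression == "positive" and status == "success"):
            impression, status = "positive", rc
        break
    if status == "success" and impression != "positive":
        status = "denied"                 # no module vouched for the user
    return status, ran

# Constructed return codes, one dict per situation (not captured from a real system).
SCENARIOS = {
    "local account": {"pam_unix": "success"},
    "ldap up, good password": {"pam_unix": "user_unknown", "pam_ldap": "success", "ccreds_store": "success"},
    "ldap up, bad password": {"pam_unix": "user_unknown", "pam_ldap": "auth_err", "ccreds_update": "success"},
    "ldap down, cache matches": {"pam_unix": "user_unknown", "pam_ldap": "authinfo_unavail", "ccreds_validate": "success"},
    "ldap down, cache mismatch": {"pam_unix": "user_unknown", "pam_ldap": "authinfo_unavail", "ccreds_validate": "auth_err"},
}

if __name__ == "__main__":
    for label, rcs in SCENARIOS.items():
        print(label, "->", authenticate(rcs))
```

In this model the cached credential is consulted only when pam_ldap reports authinfo_unavail, and a password rejected by a reachable LDAP server never reaches the validate line.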