> Just be careful with LDAP login authentication; I've seen a server where
> if the LDAP subsystem falls over, you can't log in as root on the console.
>
> It's an obsolete system so I'm not going to be fixing it, but when LDAP
> fails it's not good. Time to give it the three-fingered salute and hope
> that LDAP does run ok after a reboot.


Remember you can always cache the hash of a login with pam_ccreds (with
the loss of some security, aging, lockouts, etc.) and use that later.
Takes a bit of tweaking depending on your setup, but a mix of pam_ccreds
(for passwords), nss_updatedb (for grabbing LDAP info and putting it in
Berkeley databases) and nss_db (for reading the Berkeley databases) can
make a decent offline solution.

David
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
http://cfengine.org/mailman/listinfo/help-cfengine
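
A sketch of the pam_ccreds / nss_updatedb / nss_db combination described above, as an added example that is not part of the original post. The file names (a Debian-style /etc/pam.d/common-auth, a cron.d entry), pam_ldap as the online module and the hourly refresh are assumptions to adapt to your setup.

```conf
# --- /etc/nsswitch.conf ---
# Ask LDAP first. [NOTFOUND=return] stops the lookup when LDAP answers
# "no such entry"; only when LDAP is unavailable does the lookup fall
# through to the Berkeley DB copies that nss_db reads.
passwd: files ldap [NOTFOUND=return] db
group:  files ldap [NOTFOUND=return] db

# --- /etc/pam.d/common-auth (assumed file name) ---
# Local accounts first, so root on the console never depends on LDAP.
auth [success=done default=ignore] pam_unix.so try_first_pass
# LDAP up, password good -> skip 1 line, land on "store" (refresh cached hash).
# LDAP unreachable       -> continue to "validate" (check against cached hash).
# LDAP up, password bad  -> skip 2 lines, land on "update" (drop stale cache, fail).
auth [authinfo_unavail=ignore success=1 default=2] pam_ldap.so use_first_pass
auth [default=done] pam_ccreds.so action=validate use_first_pass
auth [default=done] pam_ccreds.so action=store
auth [default=bad]  pam_ccreds.so action=update

# --- /etc/cron.d/nss-updatedb (hypothetical file name) ---
# Refresh the offline passwd/group databases while LDAP is reachable.
# Adjust the command path to wherever your distribution installs it.
0 * * * * root nss_updatedb ldap
```

A cached hash only reflects the last successful online login, so LDAP-side lockouts, password changes and aging are not enforced while the host is offline.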
