Hola,
I've been playing around with LDAP today, and have got into a state where I
can happily authenticate PAM-aware apps freely from LDAP; ssh even creates
users' home directories.
There is just one flaw in my plan:
What happens when the LDAP server is unavailable?
No one who exists only in LDAP can log in.
Perhaps I could create a local user for those times, but if I change that
user's password it changes LDAP, not /etc/shadow.
That's fine for me, but not for a numpty user.
I've been googling, but my search terms always seem too ambiguous.
Is it possible for user/password manipulation against LDAP to also manipulate
the local account?
Like Windows does in domain mode, i.e. log on once against the domain, and
you'll be able to log on with those same credentials (irrespective of whether
you've changed the password on another machine or not) wherever the machine
is.
Cheers
--
Mike Williams
--
gentoo-user@gentoo.org mailing list