LinuxQuestions.org


ACiD GRiM 10-26-2009 03:04 PM

LDAP cache shadow passwords
 
I'd like to allow my laptop to be disconnected from the network and log in with a user stored on LDAP. I know nscd can cache usernames and groups but not shadows, but is there a solution that will cache passwords?

acid_kewpie 10-27-2009 01:18 AM

No, because with LDAP authentication there is no shadow entry. Something like NIS will provide the local system with a crypt string to locally validate itself against, but LDAP doesn't do this. Instead you have to bind against the LDAP server itself, using the password directly. If you think about it, it should seem kind of screwy for a centralized server to allow any connected client to obtain a list of everyone's encrypted passwords which it can then go off and do dictionary attacks against, unknown to the server, until the cows come home.

I know what you mean, something that does happen on offline Windows systems, but I don't think there's anything specifically to do this. Of course, I'm wrong about that, but when aren't I? https://help.ubuntu.com/community/PamCcredsHowto, http://www.padl.com/OSS/pam_ccreds.html Looking over this module, it shows that the logic I first described still holds from what I see in the fairly scarce documentation for it.
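
Added example, not part of the thread and not pam_ccreds' own code: a Python sketch of the cache-on-successful-bind pattern the reply describes, where the client never receives a hash from the directory and can only verify offline the users who have already logged in on that machine. `FakeDirectory`, `CachedCredentialAuth`, the PBKDF2 parameters and the purge on a failed online bind are assumptions of this sketch; the accounts are constructed.

```python
import hashlib
import hmac
import os

class DirectoryUnavailable(Exception):
    """Raised by the bind callable when the directory server cannot be reached."""

class FakeDirectory:
    """Constructed stand-in for an LDAP server: a bind succeeds or fails, no hash is returned."""
    def __init__(self, passwords):
        self.passwords, self.online = passwords, True

    def bind(self, user, password):
        if not self.online:
            raise DirectoryUnavailable(user)
        return self.passwords.get(user) == password

class CachedCredentialAuth:
    """Bind online when possible; fall back to a local salted verifier only when offline."""
    def __init__(self, bind):
        self._bind = bind    # callable(user, password) -> bool
        self._cache = {}     # user -> (salt, key); only users who logged in on this host

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def authenticate(self, user, password):
        try:
            ok = self._bind(user, password)
        except DirectoryUnavailable:
            entry = self._cache.get(user)
            if entry is None:
                return False             # never seen on this host: nothing to check against
            salt, key = entry
            return hmac.compare_digest(key, self._derive(password, salt))
        if ok:
            salt = os.urandom(16)        # fresh salt on every successful online login
            self._cache[user] = (salt, self._derive(password, salt))
        else:
            self._cache.pop(user, None)  # server rejected the password: drop stale verifier
        return ok

def demo():
    directory = FakeDirectory({"alice": "correct horse", "bob": "hunter2"})  # constructed
    auth = CachedCredentialAuth(directory.bind)
    online = auth.authenticate("alice", "correct horse")  # bind succeeds, verifier cached
    directory.online = False                              # laptop leaves the network
    return [online, auth.authenticate("alice", "correct horse"),
            auth.authenticate("alice", "guess"), auth.authenticate("bob", "hunter2")]
```

The local cache is itself a set of password verifiers open to offline guessing by anyone who can read it, so it needs the same file protection as a shadow file.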

