Not strictly limited to Kerberos - long login delays when system is offline

steve steve at steve-ss.com
Mon Aug 20 12:09:17 EDT 2012


On 20/08/12 17:10, Booker Bense wrote:
> On Fri, Aug 10, 2012 at 8:26 PM, Darek M <fafaforza at gmail.com> wrote:
>> Hi there, I'm sorry that this won't be strictly limited to Kerberos.
>>
>> I have an MIT/OpenLDAP setup running in a FreeBSD environment where
>> nss_ldap provides user data and Kerberos the authentication.
>>
>> The problem is that when the system goes offline (as it can easily
>> happen), logging in becomes near impossible.  It takes 5 minutes on a
>> console login for LDAP lookups to time out (between DNS lookup
>> retries, nss retries, timeouts, etc).

Hi
I don't know whether caching is the clue here but we ditched nss-ldap in 
favour of nss-pam-ldapd. It's faster all around and has a good caching 
system, nslcd. The switchover from one to the other is really easy and 
may be worth a try.
Cheers,
Steve


