Not strictly limited to Kerberos - long login delays when system is offline

steve steve at steve-ss.com
Wed Aug 22 13:22:26 EDT 2012


On 22/08/12 19:04, Darek M wrote:
> On Mon, Aug 20, 2012 at 12:09 PM, steve <steve at steve-ss.com> wrote:
>>
>> Hi
>> I don't know whether caching is the clue here but we ditched nss-ldap in
>> favour of nss-pam-ldapd. It's faster all around and has a good caching
>> system, nslcd. The switchover from one to the other is really easy and
>> may be worth a try.
>
> nss-pam-ldapd seems promising.  It already halved the login time with
> the system offline, and doing an 'ls -l' on files owned by an LDAP
> user results in only a couple of seconds delay, whereas it hung for a
> while with nss-ldap.  I also like the ignore users option.  I'll play
> around with this.  Thanks!
>

No problem.
Just remembered a gotcha. If you are doing any debugging or 
experimenting, or e.g. user uidNumber:gidNumber doesn't update when you 
change it in LDAP, I'd recommend turning off nscd.

Cheers,
Steve



More information about the Kerberos mailing list