Not strictly limited to Kerberos - long login delays when system is offline
steve
steve at steve-ss.com
Wed Aug 22 13:22:26 EDT 2012
On 22/08/12 19:04, Darek M wrote:
> On Mon, Aug 20, 2012 at 12:09 PM, steve <steve at steve-ss.com> wrote:
>>
>> Hi
>> I don't know whether caching is the clue here but we ditched nss-ldap in
>> favour of nss-pam-ldapd. It's faster all around and has a good caching
>> system, nslcd. The switchover from one to the other is really easy and
>> may be worth a try.
>
> nss-pam-ldapd seems promising. It already halved the login time with
> the system offline, and doing an 'ls -l' on files owned by an LDAP
> user results in only a couple of seconds delay, whereas it hung for a
> while with nss-ldap. I also like the ignore users option. I'll play
> around with this. Thanks!
>
No problem.
Just remembered a gotcha. If you are doing any debugging or
experimenting, or e.g. user uidNumber:gidNumber doesn't update when you
change it in LDAP, I'd recommend turning off nscd.
Cheers,
Steve
More information about the Kerberos
mailing list