[nycbug-talk] External Authentication Implementation in FreeBSD

Matt Juszczak matt at atopia.net
Sun May 17 12:08:39 EDT 2009


Ah... I think the best bet would be to setup an ldap slave on each server 
and use it as the failover server.  The other option is to generate 
passwd/shadow/group files from ldap so that it will always work.

On Sun, 17 May 2009, Christopher Olsen wrote:

> What I was hoping was if it can do something similar to way the way 
> workstations work from a windows domain if the domain is there they will log 
> right onto it if by chance it's not available it will use cached credentials 
> to get them onto the workstation.
>
>
> Matt Juszczak wrote:
>> What about "ldapifying" the LDAP servers?  If server1 is LDAP primary and 
>> server2 is LDAP secondary, should you put nss_ldap/pam_ldap on those boxes, 
>> have them connect to the local instance, and have it failover to files just 
>> in case the LDAP process is down?  or should those boxes that drive 
>> authentication and authorization, etc. be driven by local files/system 
>> only?
>
>



More information about the talk mailing list