[nycbug-talk] External Authentication Implementation in FreeBSD
Matt Juszczak
matt at atopia.net
Sun May 17 12:08:39 EDT 2009
Ah... I think the best bet would be to setup an ldap slave on each server
and use it as the failover server. The other option is to generate
passwd/shadow/group files from ldap so that it will always work.
On Sun, 17 May 2009, Christopher Olsen wrote:
> What I was hoping was if it can do something similar to way the way
> workstations work from a windows domain if the domain is there they will log
> right onto it if by chance it's not available it will use cached credentials
> to get them onto the workstation.
>
>
> Matt Juszczak wrote:
>> What about "ldapifying" the LDAP servers? If server1 is LDAP primary and
>> server2 is LDAP secondary, should you put nss_ldap/pam_ldap on those boxes,
>> have them connect to the local instance, and have it failover to files just
>> in case the LDAP process is down? or should those boxes that drive
>> authentication and authorization, etc. be driven by local files/system
>> only?
>
>
More information about the talk
mailing list