[Bug 428015] New: OpenSUSE does not provide LDAP cached authentication
https://bugzilla.novell.com/show_bug.cgi?id=428015 Summary: OpenSUSE does not provide LDAP cached authentication Product: openSUSE 11.1 Version: Factory Platform: All OS/Version: openSUSE 11.0 Status: NEW Keywords: security Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: fedev@gmx.net QAContact: qa@suse.de Found By: --- While the following is stated at Novell's website, it never materialized to anything practical: "The pam_ccreds module provides the means for Linux workstations to locally authenticate using an enterprise identity when the network is unavailable. Used in conjunction with the nss_updatedb utility, it provides a mechanism for disconnected use of network directories." (see http://www.novell.com/products/linuxpackages/opensuse/pam_ccreds.html) OpenSUSE provides pam_ccreds but not nss_updatedb (and dependencies). With all of the above being said, OpenSUSE should provide these packages or an alternative method of cached LDAP authentication so that laptop users could still log onto their accounts while not being connected to the LDAP server (or in case should anything prevent computers from reaching the server) Many other distros support this and OpenSUSE would be benefit by it. Thank you. Federico -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=428015 User thomas@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=428015#c1 Thomas Biege <thomas@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|security-team@suse.de |mc@novell.com --- Comment #1 from Thomas Biege <thomas@novell.com> 2008-09-22 00:38:04 MDT --- reassigning to Michael, maybe he can help here -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=428015 User mc@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=428015#c2 Michael Calmer <mc@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|mc@novell.com |rhafer@novell.com --- Comment #2 from Michael Calmer <mc@novell.com> 2008-09-22 01:58:46 MDT --- Re-assign to ldap maintainer. He can answer the question why we do not have nss_updatedb. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=428015 User rhafer@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=428015#c3 Ralf Haferkamp <rhafer@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FEATURE Status Whiteboard| |FATE #301126 --- Comment #3 from Ralf Haferkamp <rhafer@novell.com> 2008-09-22 03:01:12 MDT --- nss_updatedb requires nss_db with was been dropped from glibc some years ago (IIRC). I don't know the exact reasons for this but it seems to be basically unmaintained since then (the latest release I could find was from 2000). Not very good package to add to the distribution IMO. Appart from that there are some architectual issues with nss_updatedb, especially in larger enviroments. It periodically dumps the whole remote User database (e.g. LDAP) into a local file on the client. Which is IMO a bit too much for cached authentication and doesn't even work in many enviroments, because of restrictions that are in place in the server site (e.g. LDAP sizelimits). I agree though that having cached authentication support for LDAP would be nice. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=428015 User fedev@gmx.net added comment https://bugzilla.novell.com/show_bug.cgi?id=428015#c4 --- Comment #4 from Federico Vecchiarelli <fedev@gmx.net> 2008-09-22 15:09:30 MDT --- Ralf, Correct me if I'm wrong, but that is so far the only way to provide users with cached authentication, is that correct? If it is not intended to be packaged for OpenSUSE, then which other alternative do we have? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=428015 User fedev@gmx.net added comment https://bugzilla.novell.com/show_bug.cgi?id=428015#c5 --- Comment #5 from Federico Vecchiarelli <fedev@gmx.net> 2008-10-05 21:27:46 MDT --- Ralf, I would like to post a workaround for this issue, in case anyone would like to use it as an alternative to nss_updatedb. http://www.flyn.org/laptopldap/laptopldap.html The information on that page is for LDAP and with Kerberos authentication, but just modifying a few lines will do the same for LDAP authentication. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com