From: Tony Shadwick
To: Charles Swiger
Cc: freebsd-questions@freebsd.org
Date: Wed, 8 Jun 2005 16:42:17 -0500 (CDT)
Subject: Re: 5.x, LDAP and caching uid/gid data
Message-ID: <20050608164118.G23444@mail.goinet.com>
In-Reply-To: <5EE9BD2D-25F2-40C1-A166-2359C9C11788@mac.com>

On Wed, 8 Jun 2005, Charles Swiger wrote:

> On Jun 8, 2005, at 1:53 PM, Ben Hockenhull wrote:
>> There's no user information on the local system at all, so every operation
>> that requires UID/GID information had to do an LDAP lookup to get UID/GID
>> data. So, for example, every piece of mail delivered means an LDAP lookup.
>> Ick.
>
> You really want to leave the standard system UIDs and GIDs in place, and use
> LDAP (or NIS, etc) to augment them with the additional information about
> network-wide users and groups.
>
>> Is there such a thing as nscd for FreeBSD, and if so, has anyone had
>> experience using it? I found a lookupd utility that looks promising, but
>> I'm leery of implementing it in production as it seems like fairly untested
>> software.
>
> lookupd has been around for close to fifteen years, and has been used with
> large user/group databases (50,000+ users). More to the point, the PADL
> stuff ought to play nicely with lookupd, since PADL came from the NEXTSTEP
> and now MacOS X community where lookupd originated.
>
> I am not sure that lookupd has been used or tested or shaken down as much
> with FreeBSD, so the integration with PAM may not be as mature as its usage
> with the nss_ mechanism.
>
> However, if you really want nscd, I'd imagine that you ought to be able to
> hunt that down from Sun now that the source code for Solaris 10 is openly
> available...?
>
> --
> -Chuck

What about caching, as he asked originally? If a laptop user "walks away" from the network where the LDAP or NIS server is located, will it cache auth info so the user can still get in?