From owner-freebsd-net Thu Feb 25 13:15:49 1999 Delivered-To: freebsd-net@freebsd.org Received: from samizdat.uucom.com (samizdat.uucom.com [198.202.217.54]) by hub.freebsd.org (Postfix) with ESMTP id 1590114E34 for ; Thu, 25 Feb 1999 13:14:57 -0800 (PST) (envelope-from cshenton@uucom.com) Received: (from cshenton@localhost) by samizdat.uucom.com (8.9.1/8.9.0) id QAA01354; Thu, 25 Feb 1999 16:15:01 -0500 To: shmit@kublai.com Cc: mike@seidata.com, GVB , freebsd-net@FreeBSD.ORG Subject: Re: RADIUS Solutions References: <19990223192031.C50175@kublai.com> <19990225123427.C10052@kublai.com> From: Chris Shenton Date: 25 Feb 1999 16:15:01 -0500 In-Reply-To: Brian Cully's message of Thu, 25 Feb 1999 12:34:27 -0500 Message-ID: <86d82ytcbu.fsf@samizdat.uucom.com> Lines: 19 X-Mailer: Gnus v5.5/Emacs 20.2 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Brian Cully writes: > Not at all. The provisioning system pushes out new password databases > every four hours, and those databases are used in the majority of > the cases. However, we wanted instant provisioning as well, so when > we don't find an account in our local password database, we check > the provisioning system directly. This means that we only rarely > hit the network for account validation, and if the provisioning > system is down the only thing that fails is new account login. Won't this lose if the user exists in the cached password file but the password is wrong, e.g., if the user changed it on the master copy? I'd think you'd have synchronization problems.... Or do you push the change out when it occurs, like when the user changes his password? And not push the entire password file? Or something else? Thanks. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message