Grant Taylor gtaylor at tnetconsulting.net
Tue Nov 6 15:34:48 AEST 2018

On 11/05/2018 08:03 PM, Robert Brockway wrote:
> One caveat with LDAP.  When I last did this a few years ago many Linux 
> systems were set up in such a manner that a failure of LDAP makes the 
> systems largely unusable. AFAIK this is still a problem.
> A sysadmin logging in had to wait out a series of timeouts while trying 
> to open nsswitch.conf or the PAM config to disable LDAP so the 
> underlying problems could be addressed.

I've experienced such pain.  It's not fun.

I think SSSD is coming in to vogue as an abstraction layer between the 
system and LDAP+Kerberos for this very reason.

Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3982 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20181105/0eb2a787/attachment.bin>

More information about the TUHS mailing list