help-cfengine@cfengine.org
[Top] [All Lists]

Re: help with cfengine for account management in very large environments

Subject: Re: help with cfengine for account management in very large environments
From: "David Dorgan"
Date: Wed, 7 Jun 2006 15:44:30 +0200
> Just be careful with LDAP login authentication; I've seen a server where
> if the LDAP subsystem falls over, you can't log in as root on the console.

Why not run tcpdump and find out what is happening. I know that
pam_access looks up netgroups and it can cause a timeout while trying
to login. In your /etc/krb5.conf, in the pam configuration section set
the variable minimum_uid to something high enough so all the system
accounts you use won't cause these lookups.

David
_______________________________________________
Help-cfengine mailing list
Help-cfengine@xxxxxxxxxxxx
http://cfengine.org/mailman/listinfo/help-cfengine

<Prev in Thread] Current Thread [Next in Thread>