I looking at pam_ccred as a method to cache user authentication data for if/when network is down/ldap pukes/ etc. <br>It uses a local database built from getent passwd/getent shadow data.<br><br>Does it cache ONLY the attempted-login user data or does is cache ALL user data.<br>
<br>All user data would provide a local copy of the hash from shadow for attack for ALL users. very bad. <br><br>I can't find any docs that discuss how limited this is. Any ideas?<br clear="all"><br>-- <br>-- <br>James P. Kinney III<br>
I would rather stumble along in freedom than walk effortlessly in chains.<br><br><br>