> Steinar H. Gunderson wrote: >>> With libnss-ldap 238-1.2 installed >>> >>> $ cat /proc/sys/kernel/random/entropy_avail; \ >>> getent passwd user_in_ldap; \ >>> cat /proc/sys/kernel/random/entropy_avail >>> 3585 >>> passwd entry here >>> 129 >> Are you sure it's not falling back to non-TLS here? Or local files somehow? I >> can't see a reason why it would fail any better than 251, given that a >> failure is still a failure and the relevant change is what it does after the >> fact... > > I'm rather certain it's not falling back to non-TLS. There are NO > configuration file changes when I switch back and forth between versions > 238 and 251. ...
I forgot to address the "falling back to local files" part of your question in my previous email. The ldap relevant parts of my /etc/nsswitch.conf are ========== passwd: files ldap group: files ldap shadow: files ldap ========== I have files first so that when there are problems with ldap (which happens), root will be more likely to be able to log in since the local files are checked first. And while I was executing back-to-back "getent passwd" commands with libnss-ldap version 238 installed, each command continued to return user accounts that are only present in LDAP (and so could not have come from local files). Michael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
