I've seen a problem that I've heard others have too concerning nsswitch.conf and ldap in woody atleast, haven't tried others.
The problem is that in configurations where files are to be checked before ldap, it still looks for the ldap server. This causes a delay in login. That it is a problem with ldap can easily be proven by removing the ldap entries in nsswitch.conf With a slight misconfiguration, it is easy to reach the defualt 60 second timeout in login.defs I don't have that timeout (anymore) but I'm still curious of why I'm getting a delay at all. The only fancy lines in nsswitch.conf are: passwd: files ldap group: files ldap shadow: files ldap The could also be read as: passwd: files [SUCCESS=return] ldap [UNAVAIL=return] group: files [SUCCESS=return] ldap [UNAVAIL=return] shadow: files [SUCCESS=return] ldap [UNAVAIL=return] Which is the default behaviour, or should be. Now even if the ldap server is errenously specified in every single config file, local logins should be possible without nsswitch even trying to contact the ldap server right? That doesn't appear to be the case. I've even tried to set timeouts in ldap.conf, libnss-ldap.conf and pam_ldap.conf, It doesn't help. pam.d/login: auth requisite pam_securetty.so auth requisite pam_nologin.so auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so session required pam_unix.so session optional pam_lastlog.so session optional pam_motd.so session optional pam_mail.so standard noenv password sufficient pam_unix.so nullok use_authtok md5 shadow password sufficient pam_ldap.so use_authtok password required pam_deny.so Alex -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
