On Sun, 2011-05-01 at 14:08 +0100, Roger Leigh wrote:
> If we could move to having a central service, rather than having every
> process load in a pile of extra libraries, I would probably be in
> favour of it. It would make some things, such as NSS queries inside
> chroots, much more efficient and robust.

This is what nss-pam-ldapd does to replace nss_ldap (NSS part in libnss-ldapd). It uses a central daemon running as a dedicated user (for LDAP NSS requests only). The original reason for the creation of nss-ldapd was that the OpenLDAP libraries are not meant to be in processes that do not expect them. I guess there are more.

Another solution (that Joss already pointed out) is libnss-sss which has a slightly broader scope.

I'm not sure that having a central process to read stuff from simple flat files is a good idea though as it adds extra complexity and a single point of failure.

-- 
-- arthur - adejong@debian.org - http://people.debian.org/~adejong --