Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: caching in Apple authentication mechanisms?

On Thursday, April 08, 2004, at 02:39AM, Paul Reilly <email@hidden> wrote:

>I could be 100% incorrect, but from observing the terminal in
>Jaguar when bound to an LDAP server for authentication/user info,
>there's no caching of uid, gid etc. If the connection to LDAP goes,
>the machines can't determine the users uid, or gid.


We shouldn't confuse the definitions of the loaded term "caching". Lookups are cached at various levels- thee caches seem to be short lived (and lookupd's is configurable... not sure about DirectoryService's, it's probably in the code for the Search plug-in). This is analgous to anything that caches libc lookups on any platform.

An entire user account may also under certain circumstances be "cached." cached is not technically correct since it's "cached" until an administrator "uncaches" (deletes) it. In reality it's just a copy of a network account that's stuffed into the local directory node (auth data is stored in a shadow file, and is updated on successful network logins to reflect the most current avalable state). Current managed client (authorization) data is cached in the mcx cach in the local directory. This is primarily so that managed client settings will be enforced when the user is disconnected from the network.

It is somewhat useful. My day to day account on my powerbook when I travel is "cached" from an Open Directory Master. I'm not 100% happy with it but it does work.
_______________________________________________
maclabmanager mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/maclabmanager
Do not post admin requests to the list. They will be ignored.



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.