Can Linux cache domain user credentials?

Problem:

I want to centrally manage users on my small network at home, preferably in a mixed Windows/Linux environment. (I’m transitioning to Linux to avoid Windows 10.)

Is it possible to cache users on a Linux computer the way Windows caches its AD users? Here’s an example of what I want to do: I want to log in to bgstack@mydomain whether or not I’m attached to my home network, on a Linux system. When I take my laptop to my friend’s house, I still want to use bgstack@mydomain.

If a solution exists, does it matter which directory server I use? I have not yet implemented any Linux identity management solution but was leaning towards FreeIPA.

Solution:

This is exactly how I use sssd. On my laptop, I run as the user from our corporate LDAP:

jhrozek@hendrix ~ » whoami
jhrozek

Yet I don’t have that user in /etc/passwd at all:

jhrozek@hendrix ~ » grep jhrozek /etc/passwd
jhrozek@hendrix ~ » echo $?
1

The setup really depends on what kind of server you use, but SSSD supports MSAD, FreeIPA, LDAP and Kerberos.
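
An sssd.conf for the offline login described in the answer above, as an added example that is not part of the original answer. The domain name mydomain.example, the server name and the choice of the FreeIPA provider are assumptions based on the question, and the expiration and lockout values are illustrative.

```ini
# /etc/sssd/sssd.conf (must be owned by root with mode 0600, or sssd will not start)
# Added example; mydomain.example and ipa.mydomain.example are placeholders.

[sssd]
services = nss, pam
domains = mydomain.example

[domain/mydomain.example]
id_provider = ipa
auth_provider = ipa
ipa_domain = mydomain.example
# _srv_ uses DNS SRV discovery first, then falls back to the named server.
ipa_server = _srv_, ipa.mydomain.example

# Store a salted hash of the password in the local cache after a
# successful online login, so the user can authenticate while offline.
cache_credentials = True

# Keep the password entered during an offline login so sssd can request
# a Kerberos ticket once the server is reachable again.
krb5_store_password_if_offline = True

# Days a cached account entry is kept after the last successful login.
# Default 0 keeps entries forever. Must be >= offline_credentials_expiration.
account_cache_expiration = 30

[pam]
# Days since the last successful ONLINE login during which cached logins
# are accepted. Default 0 means no limit, so a lost laptop keeps a usable
# credential cache indefinitely.
offline_credentials_expiration = 14

# Limit password guessing against the cache while offline.
# Default 0 allows unlimited failed attempts.
offline_failed_login_attempts = 5
# Minutes to wait after the limit is reached before another attempt.
offline_failed_login_delay = 10
```

The cache is only populated by a successful login while the directory server is reachable, so the user has to log in once on the home network before taking the laptop elsewhere.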

Centrify is a commercial product that integrates Linux with AD and it can cache credentials and homedirs. Centrify.com
