On Mon, Sep 21, 2015 at 06:09:08PM +0200, mathias dufresne wrote:
Hi all,
Does "cache-credentials" option need a LDAPS connection or can we set it up
over LDAP too?
Cheers
It's quite unrelated. SSSD is built so that authentication never happens
over unencrypted channel -- it's either TLS or LDAPs.
What cache_credentials does is that after the user has successfully
authenticated, SSSD takes his credentials, hashes them and stores the
hash in the cache. Then, if the server is not available, it's possible
to compare the provided credentials with the hash and log in the user in
offline mode.