This is perhaps a more general security question. For those of you with a directory services installation, do you install a generic local user with sudo access in case directory services is not available? Or do you just beef up your directory services to the point that you are confident it will almost always be up?
I usually disable root login via ssh, but allow it from the physical console, and make an emergency generic account with sudo privs in case DS breaks down. What I've noticed, however, is if I simulate a directory services failure, ssh logins with this generic local account take an eternity as the server still tries to auth that user against ldap/kerberos first. I'm sure this could be adjusted in pam in some way.
I was just curious how other admins approach this, and what level of trust they place in directory services being available.
CentOS mailing list