LDAP in Unix

I have 100+ Unix servers, primarily Linux and Solaris.

I am new to LDAP. I would like to use Sun ONE Directory Server and centralise user creation. Once I have an LDAP-based directory server, is the following true?

1. Whenever a new user has to be created, I will create it on the Sun ONE server and say it is valid only on this host(s). There is no need to create the user at the host.
2. There are no /etc/passwd and /etc/shadow files on the individual hosts anymore, or they are not of any importance. All the passwords are stored only in the directory server.
3. At a later stage I would like to give RSA SecurID authentication to a selected set of high-privilege users.

Are LDAP and Sun ONE the right direction?
Re: LDAP in Unix

listbounce@... wrote on 27/09/2006 08:57:25:

> 2. There is no /etc/passwd and /etc/shadow files on the individual hosts
> anymore or they are not of any importance. All the passwords are
> stored only in the Directory server.

Those files are still there and can still be used. As well as your LDAP users (i.e. those whose details are held in the LDAP directory) you'll have local users whose details are stored in the local files. You can specify what order they are checked in using the nsswitch.conf file; you always want the /etc/passwd file to be used in case the machine cannot get a connection to the LDAP server.

Generally, if a user has an entry in the LDAP directory then you wouldn't want them to be in the /etc/passwd file and vice versa. Obviously the root user has to be in the /etc/passwd file, as you're likely to need that before the network comes up or if you lose connection to the LDAP server (e.g. network outage, LDAP is down, migrating subnets &c).

Stephen
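The checks described in the reply above (local files still consulted alongside LDAP, root kept local, no account defined in both places), as an added shell example that is not part of the original thread. It assumes the common `files ldap` ordering in nsswitch.conf; the function names and all sample file contents are constructed for illustration.

```shell
# Added example: audit a host's name-service setup against the advice above.
# Every file written below is a constructed sample, not data from a real host.

# Succeed if database $2 in nsswitch file $1 lists "files", and lists it
# before "ldap" when "ldap" is present (assumed ordering: files first).
nss_files_before_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }                      # strip comments
        $1 == db {
            found = 1
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && !f) f = i
                if ($i == "ldap"  && !l) l = i
            }
        }
        END { exit !(found && f && (!l || f < l)) }
    ' "$1"
}

# Succeed if passwd file $1 has a local root entry with UID 0.
local_root_present() {
    awk -F: '$1 == "root" && $3 == 0 { ok = 1 } END { exit !ok }' "$1"
}

# Print accounts defined both in local passwd file $1 and in $2, an export
# of the LDAP accounts in passwd format.
accounts_in_both() {
    awk -F: 'NR == FNR { seen[$1] = 1; next } $1 in seen { print $1 }' "$1" "$2"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf 'passwd: files ldap\nshadow: files ldap\ngroup: files ldap\n' > "$tmp/nsswitch.good"
printf '# LDAP consulted first\npasswd: ldap files\n' > "$tmp/nsswitch.bad"
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
jdoe:x:1001:1001:J Doe:/home/jdoe:/bin/sh
EOF
cat > "$tmp/ldap_users" <<'EOF'
jdoe:x:5001:5001:J Doe:/home/jdoe:/bin/sh
asmith:x:5002:5002:A Smith:/home/asmith:/bin/sh
EOF

for f in nsswitch.good nsswitch.bad; do
    nss_files_before_ldap "$tmp/$f" passwd || echo "WARN: $f: passwd does not try local files first"
done
local_root_present "$tmp/passwd" || echo "WARN: no local root account with UID 0"
accounts_in_both "$tmp/passwd" "$tmp/ldap_users" | sed 's/$/: defined both locally and in LDAP/'
```

On a real host the first two functions would be pointed at /etc/nsswitch.conf and /etc/passwd.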
RE: LDAP in Unix

Dubaisans,

I think you are on the right track. You will still need local copies of /etc/passwd and /etc/shadow, but they will only be used as a fallback mechanism when LDAP authentication is not available.

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On Behalf Of dubaisans dubai
Sent: Wednesday, September 27, 2006 2:57 AM
To: focus-sun@...
Subject: LDAP in Unix

I have 100+ Unix servers, primarily Linux and Solaris.

I am new to LDAP. I would like to use Sun ONE Directory Server and centralise user creation. Once I have an LDAP-based directory server, is the following true?

1. Whenever a new user has to be created, I will create it on the Sun ONE server and say it is valid only on this host(s). There is no need to create the user at the host.
2. There are no /etc/passwd and /etc/shadow files on the individual hosts anymore, or they are not of any importance. All the passwords are stored only in the directory server.
3. At a later stage I would like to give RSA SecurID authentication to a selected set of high-privilege users.

Are LDAP and Sun ONE the right direction?
Re: LDAP in Unix

Stephen Booth wrote:

> listbounce@... wrote on 27/09/2006 08:57:25:
>
>> 2. There is no /etc/passwd and /etc/shadow files on the individual hosts
>> anymore or they are not of any importance. All the passwords are
>> stored only in the Directory server.
>
> Those files are still there and can still be used. As well as your LDAP
> users (i.e. those whose details are held in the LDAP directory) you'll
> have local users whose details are stored in the local files. You can
> specify what order they are checked in using the nsswitch.conf file; you
> always want the /etc/passwd file to be used in case the machine cannot get
> a connection to the LDAP server. Generally, if a user has an entry in the
> LDAP directory then you wouldn't want them to be in the /etc/passwd file
> and vice versa. Obviously the root user has to be in the /etc/passwd file, as
> you're likely to need that before the network comes up or if you lose
> connection to the LDAP server (e.g. network outage, LDAP is down,
> migrating subnets &c).
>
> Stephen

2 (or more) servers and configure replication, this is *really* simple with SunONE DS (point-and-click easy).

--jason
Re: LDAP in Unix

Hi,

We conduct regular courses on Sun Solaris for system administrators at Dubai and Bangalore, India. If you are interested, please revert back.

Regards,
Sreekumar.