AW: AW: entry in /etc/passwd

From: vogt@hansenet.com
Date: 05/07/02


From: vogt@hansenet.com
To: andrew@hatfields.com.au, sgifford@suspectclass.com
Date: Tue, 7 May 2002 09:21:55 +0200 


> In the OpenLDAP source and distribution packages (at least RedHat's),
> there are migration tools to do just this.
> Look in /usr/share/openldap/migration for example.

I remember. There was some kind of problem with these (i.e. they didn't work
and because I know nothing about LDAP and didn't understand much of what
they were supposed to do, I couldn't fix the problem). That was half a year
ago, so maybe I should check a more current version.

> I would review how the user accounts are created and make
> sure they fit
> your account policy before migrating though - as I personally
> don't like
> the way it creates the DN record, but thats just me.

see, that's the prob - I know nothing about LDAP. NIS is easy, because it
just moves user accounts across machines. that's all I want - a list of
accounts that can log on everywhere. :)

anyway, this is somewhat off-topic, except if you consider NIS a security
hole per se (which could definitely be argued). case in point is I tried and
failed, and I've been earning a living doing Unix sysadmin for several years
(before moving into pure security), so I guess many part-time admins will
find it equally difficult.