RE: LDAP in Unix



Yes, you're on the right track. I use the Sun LDAP server for users on
Solaris and AIX. If you want to limit which hosts a user can access,
you can add the 'host' attribute for each system you want a user to log
into. If you'd like to go this route, then you'll use the standard pam
ldap module for authorization but you'll have to get it compiled for the
Solaris side. You'll also need to make changes to the Solaris
/etc/pam.conf file.

You can also use the pam_mkhomedir module to automatically create a
user's home directory when they first log on to a system.

And like the other people said, you will need to still maintain a local
passwd and shadow file though they'll be used only for system accounts
like 'root'.

----
Glenn Pitcher
Security Engineer
MedImpact Healthcare Systems, Inc.
San Diego, CA
glenn dot pitcher at medimpact.com
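As an added illustration (not code from the thread or from pam_ldap itself) of the host-attribute authorization described above: this script reproduces the check pam_ldap performs when it is told to honour the 'host' attribute, run against constructed LDIF entries instead of a live Sun directory. The '*' (any host) and '!host' (deny) forms are assumed to follow the PADL pam_ldap semantics; users, hostnames and DNs are all made up.

```python
import socket

# Constructed sample directory data standing in for an ldapsearch result.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
uid: alice
objectClass: account
host: solaris01.example.com
host: aix02.example.com

dn: uid=bob,ou=People,dc=example,dc=com
uid: bob
objectClass: account
host: *
host: !aix02.example.com

dn: uid=carol,ou=People,dc=example,dc=com
uid: carol
objectClass: account
"""

def parse_ldif(text):
    """Minimal LDIF parser: {dn: {attr: [values]}}. No base64 or folded lines."""
    entries, cur = {}, None
    for line in text.splitlines():
        if not line.strip():          # blank line ends the current entry
            cur = None
            continue
        attr, _, value = line.partition(":")
        value = value.strip()
        if attr == "dn":
            cur = entries.setdefault(value, {})
        elif cur is not None:
            cur.setdefault(attr, []).append(value)   # attributes are multi-valued
    return entries

def host_ok(entry, hostname):
    """'!host' denies first; then '*' or an exact host value allows. No host attribute: deny."""
    hosts = entry.get("host", [])
    if "!" + hostname in hosts:
        return False
    return "*" in hosts or hostname in hosts

def find_user(entries, uid):
    return next((e for e in entries.values() if e.get("uid") == [uid]), None)

def may_login(ldif, uid, hostname=None):
    """True only if the user exists in the directory and is allowed on this host."""
    hostname = hostname or socket.getfqdn()
    entry = find_user(parse_ldif(ldif), uid)
    return entry is not None and host_ok(entry, hostname)
```

Note that carol, who has no host attribute at all, is denied everywhere: with host checking enabled, every account that should log in anywhere needs at least one host value.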


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of dubaisans dubai
Sent: Wednesday, September 27, 2006 12:57 AM
To: focus-sun@xxxxxxxxxxxxxxxxx
Subject: LDAP in Unix


I have 100+ Unix servers, primarily Linux and Solaris.

I am new to LDAP.

I would like to use Sun ONE Directory Server and centralise user
creation. Once I have an LDAP-based Directory Server, is the
following true?

1. Whenever a new user has to be created, I will create it on the Sun ONE
server and say it is valid only on this host(s). There is no
need to create the user on the host.

2. There are no /etc/passwd and /etc/shadow files on the
individual hosts anymore, or they are not of any importance. All the
passwords are stored only in the Directory Server.

3. At a later stage I would like to give RSA SecurID
authentication to a selected set of high-privilege users.

Are LDAP and Sun ONE the right direction?
