[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Central Authentication



On Thu, 26 Aug 2004, Martin Niki wrote:

> So it leaves me with a problem, is there any way to only have the users in
> ldap and still authenticate the users for the services mentioned earlier, or
> do I have to have the users also in passwd ? I do not need, nor really want
> people to be able to do console logins, only the ones mentioned earlier. And
> is there any other means than ldap to do the authentication for all the
> services mentioned before ?

pam_ldap/nss_ldap should do it. pam (AFAIK) can be configured to
try different authentication methods in a given order, if ldap
fails it will go on. This way you can have your root account in
normal password files and still get root access if ldap is down.

This seems to be a guide for you to look at:

http://www.giac.org/practical/Alexis_Tremblay_GSEC.html

or go goole :-) Also, O'Reilly has a book on using LDAP to replace
NIS etc.

Regards, Erik

GnuPG Key: http://www.locolomo.org/home/norgaard/norgaard.gpg.asc
pub  1024D/B02CC311 2004-04-05 Erik Norgaard <norgaard_(_at_)_locolomo_(_dot_)_org>
     Key fingerprint = 6C11 B9B1 52BD F16D 34AD  9893 D3EC E6DB B02C C311