Re: [SAGE] Help with centralizing account management



Well, that's sort of the problem: as far as I can tell there isn't an nsswitch 
for *BSD. I found some references to a partial implementation but nothing 
workable.


On Tuesday 16 July 2002 03:22 pm, Stephen L Johnson wrote:
> Your difficulties with LDAP under *BSD sound like you've only set it up
> to do authentication. pam_ldap only handles authentication. Directory
> Services are handled by the libc get*() functions.  You have to
> configure the system's directory service lookups to use LDAP via
> /etc/nsswitch.conf(?) or what *BSD uses. (Please forgive my ignorance, I
> have used *BSD that much).
>
> At work, we've set up an Enterprise FTP server using LDAP as the account
> DB. It works quite well. Using LDAP has eased management in many ways.
>
> There are only two weak spots I found in pam_ldap. One, there is no
> provision for using more than one LDAP server. The other is not being
> able to log into the service if it can't contact the LDAP server, even
> if the user is in the local files.
>
> I suspect the latter problem could be solved by a pam configuration
> tweak. But it hasn't been a serious problem as yet.
>
> On Tue, 2002-07-16 at 13:21, Paul Dlug wrote:
> > I need some help finding a solution to manage user accounts from a
> > central location. Our environment is composed of Solaris and FreeBSD
> > servers (some scattered Linux as well) with a rollout of around 20
> > FreeBSD desktops planned. NIS+ is currently being used on Solaris, the
> > FreeBSD hosts are maintained manually since they're primarily servers
> > with one or two user accounts. There is a planned migration to LDAP in
> > the next few weeks as we move toward Solaris 9. I tested pam_ldap with
> > FreeBSD and it works, however a password file entry is still necessary so
> > it doesn't really solve the problem. LDAP seems like it's the right
> > choice and it works well under Solaris however I don't see mature support
> > for it under *BSD and Linux. Can someone recommend a solution?
> >
> > Thanks,
> > Paul
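
The split discussed in this thread (pam_ldap answers "is the password right?", while the libc get*() lookups answer "does this account exist?") can be checked on a host with the sketch below. It is an added example, not part of the original messages; it assumes a system that uses the Solaris/Linux nsswitch.conf format, and the sample file contents, function names and result labels are constructed for illustration.

```python
import pwd
import re

# Constructed sample in the Solaris/Linux nsswitch.conf format (not from the thread).
SAMPLE_NSSWITCH = """\
# constructed sample
passwd:  files [NOTFOUND=continue] ldap
group:   files
shadow:  files   # trailing comment
"""

def parse_nsswitch(text):
    """Return {database: [sources]}, dropping comments and [STATUS=action] criteria."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # criteria are not lookup sources
        table[db.strip()] = rest.split()
    return table

def account_resolves(name, lookup=pwd.getpwnam):
    """True if the libc account lookup (getpwnam by default) finds the user."""
    try:
        lookup(name)
        return True
    except KeyError:
        return False

def diagnose(name, nss_table, pam_auth_ok, lookup=pwd.getpwnam):
    """Combine the two independent answers: PAM (password) and NSS (account data)."""
    if account_resolves(name, lookup):
        return "LOGIN_OK" if pam_auth_ok else "AUTH_FAILED"
    if pam_auth_ok and "ldap" not in nss_table.get("passwd", []):
        # Password verified against LDAP, but no uid/home/shell can be found:
        # the case where a local password file entry is still needed.
        return "AUTH_OK_NO_ACCOUNT"
    return "UNKNOWN_ACCOUNT"

if __name__ == "__main__":
    table = parse_nsswitch(SAMPLE_NSSWITCH)
    print(table["passwd"])
    print(diagnose("root", table, pam_auth_ok=True))
```
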