Re: [SAGE] Help with centralizing account management

[Sam Johnston <samj@aos.net.au>]

Paul Dlug wrote:

>I need some help finding a solution to manage user accounts from a central 
>location. Our environment is composed of Solaris and FreeBSD servers (some 
>scattered linux as well) with a rollout of around 20 FreeBSD desktops 
>planned. NIS+ is currently being used on Solaris, the FreeBSD hosts are 
>maintained manually since they're primarily servers with one or two user 
>accounts. There is a planned migration to LDAP in the next few weeks as we 
>move toward Solaris 9. I tested pam_ldap with FreeBSD and it works, however a 
>password file entry is still necessary so it doesn't really solve the 
>problem. LDAP seems like it's the right choice and it works well under 
>Solaris however I don't see mature support for it under *BSD and linux. Can 
>someone recommend a solution?
>
>Thanks,
>Paul
>
You need nss_ldap (http://www.padl.com/OSS/nss_ldap.html) to replace the 
password entries and you probably should use pam_ldap 
(http://www.padl.com/OSS/pam_ldap.html) for the authentication (although 
you could retrieve the crypt hashes via nss, pam provides a lot of nice 
extra features). You could point Samba at your LDAP directory too if you 
wanted to integrate Windows boxen.

I'm not sure about some of the LDAP support offered by some of the 
commercial Unices though. For example, I'm not aware of an SIA module 
for Tru64 (except maybe as part of what was the iPlanet directory server).

Regards,

Sam

-- 
Sam Johnston
Australian Online Solutions
1300 132 809

>  
>