RE: LDAP in Unix


RE: LDAP in Unix

by Glenn Pitcher


Yes, you're on the right track.  I use the Sun LDAP server for users on
Solaris and AIX.  If you want to limit which hosts a user can access,
you can add the 'host' attribute for each system you want a user to log
into.  If you'd like to go this route, then you'll use the standard pam
ldap module for authorization but you'll have to get it compiled for the
Solaris side.  You'll also need to make changes to the Solaris
/etc/pam.conf file.

You can also use the pam_mkhomedir module to automatically create a
user's home directory when they first log on to a system.

And like the other people said, you will need to still maintain a local
passwd and shadow file though they'll be used only for system accounts
like 'root'.

----
Glenn Pitcher
Security Engineer
MedImpact Healthcare Systems, Inc.
San Diego, CA
glenn dot pitcher at medimpact.com


> -----Original Message-----
> From: listbounce@...
> [mailto:listbounce@...] On Behalf Of dubaisans dubai
> Sent: Wednesday, September 27, 2006 12:57 AM
> To: focus-sun@...
> Subject: LDAP in Unix
>
>
> I have 100+ Unix servers, primarily Linux and Solaris.
>
> I am new to LDAP.
>
> I would like to use Sun ONE Directory Server and centralise the user
> creation. Once I have an LDAP-based Directory Server, is the
> following true?
>
> 1. Whenever a new user has to be created I will create it on the Sun ONE
> server and say it is valid only on this host(s). There is no
> need to create the user at the host.
>
> 2. There are no /etc/passwd and /etc/shadow files on the
> individual hosts anymore, or they are not of any importance. All the
> passwords are stored only in the Directory Server.
>
> 3. At a later stage I would like to give RSA SecurID
> authentication to a selected set of high-privilege users.
>
> Are LDAP and Sun ONE the right direction?
>

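Glenn's reply relies on the per-user `host` attribute being enforced by pam_ldap (its `pam_check_host_attr` option) rather than by anything in the directory itself. The following is an added example, not code from the thread or from pam_ldap: it models that authorization decision in Python over a constructed LDIF sample, so you can see which logins succeed on a given host and, in particular, that an account with no `host` attribute at all is denied everywhere once the check is enabled. The wildcard `*` handling and the plain hostname comparison are simplifying assumptions of this model.

```python
# Added example (not from the thread): a minimal model of the host-attribute
# authorization check pam_ldap performs when pam_check_host_attr is enabled.
# The LDIF below is constructed sample data, not real accounts.
import socket

SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: account
uid: alice
uidNumber: 10001
host: sol01.example.com
host: aix02.example.com

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: account
uid: bob
uidNumber: 10002
host: *

dn: uid=carol,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: account
uid: carol
uidNumber: 10003
"""

def parse_ldif(text):
    """Return {uid: [host, ...]} for each entry (single-line attributes only)."""
    users = {}
    for block in text.strip().split("\n\n"):
        uid, hosts = None, []
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if name == "uid":
                uid = value.strip()
            elif name == "host":
                hosts.append(value.strip())
        if uid:
            users[uid] = hosts
    return users

def host_allowed(hosts, hostname):
    """Allow when this host is listed or '*' is present; no host attribute means deny."""
    if not hosts:
        return False
    return any(h == "*" or h.lower() == hostname.lower() for h in hosts)

def login_decisions(text, hostname=None):
    """Map each uid to whether it may log on to `hostname` (default: this machine)."""
    hostname = hostname or socket.gethostname()
    return {uid: host_allowed(hosts, hostname) for uid, hosts in parse_ldif(text).items()}
```

Note that carol, who has no `host` attribute, is denied on every host; when rolling out the `host` attribute, populate it for all existing users before turning the PAM check on.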


RE: LDAP in Unix

by Robert V. Coward/CTR/OSAGWI


Are there any instructions on making this work with MS Active Directory? I
really would like to do this at my own site, but I have been having a hard
time finding documentation on making this work with SSH, and then
connecting it to MS AD. The MS AD part just makes life easier for me, but
it really is not necessary. Any information on setting this up would be
greatly appreciated.

Robert

-----Original Message-----
From: listbounce@... [mailto:listbounce@...]
On Behalf Of Glenn Pitcher
Sent: Tuesday, October 17, 2006 21:15
To: dubaisans dubai; focus-sun@...
Subject: RE: LDAP in Unix


RE: LDAP in Unix

by Mike Siedelberg


Yes, please, anyone have instructions for running LDAP clients on AIX
(5.2, 5.3) and Solaris (8,9), using Novell Edir servers?  We are having
problems with the AIX pam module to start with.

Thanks in advance,


Mike Siedelberg
Jackson National Life Insurance-IT Security
Desk Phone 517-367-3546
Cell Phone 517-230-0922




"Robert V. Coward/CTR/OSAGWI" <Robert.Coward.CTR@...>
Sent by: listbounce@...
10/19/2006 08:14 AM
To: Glenn.Pitcher@..., dubaisans@..., focus-sun@...
Subject: RE: LDAP in Unix