[K12OSN] same name for local and ldap users

Rob Owens rowens at ptd.net
Fri Oct 12 19:40:35 UTC 2007


On Fri, Oct 12, 2007 at 12:26:14PM -0700, Craig White wrote:
> On Fri, 2007-10-12 at 15:15 -0400, Rob Owens wrote:
> > After installing ldap using the smbldap-installer, I have noticed that I am able to create ldap users with the same username as my local (/etc/passwd) users.  The local user and the ldap user can have different passwords, but seem to have access to the same files based on their username.  I'm not sure if this is a bug or a feature.  If it's a feature I'd like to use it on my laptop, so I can log in with the same username and have access to all my local whether I'm "on the network" or not.
> > 
> > So does anybody know if it is recommended/acceptable to do what I'm talking about?
> ----
> Not recommended...each user would likely have different uid/gid's and
> there would be an element of unpredictability. Overlapping uid's/gid's
> would break security.
> 

Thanks Craig.  I recall seeing your post arguing against having a root account in ldap for the same reasons.

With regard to my laptop, how can I ensure if I save something to the local hard drive as my ldap user that my local user can access it (for when I'm on the road)?  Group access wouldn't seem to work since the ldap group would be unknown to the local machine if no ldap authentication has occurred.

-Rob
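
Added example, not part of the original thread: a check for the overlap discussed above, comparing local and LDAP accounts for shared usernames and shared UIDs. The account data is constructed; on a real host it would come from /etc/passwd and from `getent -s ldap passwd`, assuming the NSS service is named "ldap".

```python
# Constructed sample data in passwd(5) format. On a real host LOCAL would be
# /etc/passwd and LDAP the output of `getent -s ldap passwd` (assumes the NSS
# service is named "ldap").
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
rob:x:1000:1000:Rob (local):/home/rob:/bin/bash
"""
LDAP_PASSWD = """\
root:x:0:0:LDAP root:/home/root:/bin/false
rob:x:10001:513:Rob (ldap):/home/rob:/bin/bash
alice:x:1000:513:Alice:/home/alice:/bin/bash
"""


def parse_passwd(text):
    """Return {username: uid} from passwd-format text, skipping bad lines."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and fields[0] and fields[2].isdigit():
            accounts[fields[0]] = int(fields[2])
    return accounts


def find_conflicts(local, ldap):
    """Return (same_name, same_uid) collisions between two account maps.

    same_name: (name, local_uid, ldap_uid) for names defined in both sources.
    same_uid:  (uid, local_name, ldap_name) where one UID maps to different
               names; file permissions only see the number, so these
               accounts share access to each other's files.
    """
    same_name = sorted((n, local[n], ldap[n]) for n in local.keys() & ldap.keys())
    local_by_uid = {uid: name for name, uid in local.items()}
    same_uid = sorted(
        (uid, local_by_uid[uid], name)
        for name, uid in ldap.items()
        if uid in local_by_uid and local_by_uid[uid] != name
    )
    return same_name, same_uid


if __name__ == "__main__":
    names, uids = find_conflicts(parse_passwd(LOCAL_PASSWD), parse_passwd(LDAP_PASSWD))
    for name, l_uid, d_uid in names:
        note = "same UID" if l_uid == d_uid else "UIDs differ"
        print(f"name collision: {name} local={l_uid} ldap={d_uid} ({note})")
    for uid, l_name, d_name in uids:
        print(f"UID collision: {uid} local={l_name} ldap={d_name}")
```

For a name that exists in both sources, the lookup order on the `passwd:` line of /etc/nsswitch.conf decides which entry, and so which UID, a login resolves to.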



