[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Syncronized password management ...



Yes, you can use slappasswd+slapadd, some of the padl migration scripts
would be a good reference.

* Blake

-----Original Message-----
From: Darrell McGuire [mailto:dmcguire@pegasys.cc]
Sent: Wednesday, July 11, 2001 8:26 AM
To: pam-list@redhat.com
Subject: Re: Syncronized password management ...


Blake-

How do you handle the addition of large user batches under LDAP?
Currently I use "newusers" to add users when I need to create a few
hundred at once.  Is there a way to do this still when you switch to LDAP?

-Darrell McGuire

Blake Barnett wrote:

> The reason you state for not wanting to use existing centralization
schemes
> is network dependancies.  While this is certainly a valid concern, most
> systems have addressed this by at least providing replication for the
> service, so that servers can be placed at strategic points in your network
> and provide a robust fallback mechanism.  While I believe NIS does this I
> would recommend using LDAP as both your authentication and information
> source.  (via pam-ldap & pam-nss).  The replication is done very well in
> LDAP and the referral system works well for falling back to other servers.
>
> If your WHOLE network goes down or you can't reach ANY of your replicas
> you've got far more serious problems than just being able to login to your
> boxes.  You should always have root and a couple administrative logins
which
> ALWAYS reside in /etc/shadow for these situations anyway.
>
> As you said, it is a daunting task, and one which isn't really warranted
> given the resources already available.
>
> Blake Barnett
> Sr. Unix Administrator
> DevelopOnline
>
> -----Original Message-----
> From: Lars Segerlund [mailto:lars.segerlund@comsys.se]
> Sent: Tuesday, July 10, 2001 4:10 AM
> To: pam-list@redhat.com
> Subject: Syncronized password management ...
>
>  Hi,
>
>   I am about to start to hacka a pam module for uninfied password
> management, which will handle users from a central server but update
> local passwd and group files. Basicly I want to centralize user
> management whitout building network dependency for the system. ( like
> nis if it fails it fails ... )
>
>   I will also handle password updates on a client 8 propagation ) ,
> however before I set out on this daunting task, does anybody know of a
> module which will give me this functionality ?
>
>   Now I build central user databases, which I upload and then locally
> mangle passwd and group ! this is done by secure remote login, but I
> don't think this system safe enough.
>
>   Any tips from anyone ? or usefull pam modules to spy on ? I have
> checked out pam-ldap and pam-pwdfile and some other.
>
>  / best regards, Lars Segerlund.
>
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
>
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list



_______________________________________________
Pam-list mailing list
Pam-list@redhat.com
https://listman.redhat.com/mailman/listinfo/pam-list





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []