[Date Prev][Date Next] [Chronological] [Thread] [Top]

AW: Ldap authentication


How about this: 
Dont create an ldap entry for the root account and use "files ldap" in your nsswitch.conf? 

passwd:     files ldap
group:      files ldap


-----Ursprüngliche Nachricht-----
Von: openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org [mailto:openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org] Im Auftrag von Hammad Ahmad Bhatti
Gesendet: Mittwoch, 8. April 2009 14:58
An: Terry.Gardner@sun.com; openldap-technical@openldap.org
Betreff: RE: Ldap authentication

 Thank you terry for bothering this. Actually I want that super user should
authenticate locally like /etc/passwd or /etc/shadow. Please advice if you
have any suggestion for this.

Hammad Ahmad | Associate Network Administrator | Network Operations Center |

i2c Inc. | 1300 Island Drive, Suite 105, Redwood City, CA 94065| URL:

Tel: (650) 593 5400 x4105 | 24x7 NOC: (650) 480 5291 | Fax: (650) 593 5402

-----Original Message-----
From: Terry.Gardner@Sun.COM [mailto:Terry.Gardner@Sun.COM] 
Sent: Wednesday, April 08, 2009 5:50 PM
To: Hammad Ahmad Bhatti
Cc: openldap-technical@openldap.org
Subject: Re: Ldap authentication

If you are asking if the superuser account on a Linux system should
authenticate via something other than the local files (/etc/password, /
etc/shadow, etc), then I would remark that that is not something I would

On Apr 8, 2009, at 2:47 AM, Hammad Ahmad Bhatti wrote:

> Hello,
> I have configured openldap for SSO. Now I am authenticating all of my 
> linux boxes with this SSO. Now I have requirement that my root user 
> should not authenticate through this SSO. Rest of all users should 
> authenticate through this.
> Can any one have any suggestion for this.
> Thannn Koooo
> Hammad Ahmad


Blog: http://blogs.sun.com/terrygardner
Blog: http://dtfar.blogspot.com
Twitter: http://twitter.com/tgardner
SLAMD: http://slamd2.dev.java.net

"The best things in life are not things."