[Date Prev][Date Next]
best practice and account management (passwd)
I'm a openldab absolute beginner so..
I started my training with user management, and was wondering if it was a good
practice to move the whole /etc/passwd to ldap and let nsswitch jusst to
'ldap' the passwd,group,shadow items
I tried and I faced some obvious issues like client's boot errors etc. It
worked but at the cost of a looong timeout..
- Is there any point in moving the whole /etc/passwd and groups, or is maybe
better to move the root and other 'human' accounts, leaving local just the
system users and groups?
- was it better to keep the user's home directories (including /root) locally
on the client, or better to move them on the ldap server, letting them be net-
mounted on the client fs?
Is it theoretically (and practically :-) ) possible to use ldap and remove
from clients all the account management related binaries (useradd etc.) and
/etc/passwd and /etc/groups?
maybe naive questions..sorry :-)