[Date Prev][Date Next] [Chronological] [Thread] [Top]

best practice and account management (passwd)

Hi everybody!

I'm a openldab absolute beginner so..

I started my training with user management, and was wondering if it was a good 
practice to move the whole /etc/passwd to ldap and let nsswitch jusst to 
'ldap' the passwd,group,shadow items

passwd:	ldap
group:	ldap
shadow:	ldap

I tried and I faced some obvious issues like client's boot errors etc. It 
worked but at the cost of a looong timeout..

- Is there any point in moving the whole /etc/passwd and groups, or is maybe 
better to move the root and other 'human' accounts, leaving local just the 
system users and groups?

- was it better to keep the user's home directories (including /root) locally 
on the client, or better to move them on the ldap server, letting them be net-
mounted on the client fs?

Is it theoretically (and practically :-) ) possible to use ldap and remove 
from clients all the account management related binaries (useradd etc.) and 
/etc/passwd and /etc/groups?

maybe naive questions..sorry :-)