[Date Prev][Date Next] [Chronological] [Thread] [Top]

AW: Ldap authentication



Hello,

How about this: 
Dont create an ldap entry for the root account and use "files ldap" in your nsswitch.conf? 

passwd:     files ldap
group:      files ldap

Cheers,
Claus

-----Ursprüngliche Nachricht-----
Von: openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org [mailto:openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org] Im Auftrag von Hammad Ahmad Bhatti
Gesendet: Mittwoch, 8. April 2009 14:58
An: Terry.Gardner@sun.com; openldap-technical@openldap.org
Betreff: RE: Ldap authentication


 Thank you terry for bothering this. Actually I want that super user should
authenticate locally like /etc/passwd or /etc/shadow. Please advice if you
have any suggestion for this.


Hammad Ahmad | Associate Network Administrator | Network Operations Center |
noc@i2cinc.com 

i2c Inc. | 1300 Island Drive, Suite 105, Redwood City, CA 94065| URL:
www.i2cinc.com

Tel: (650) 593 5400 x4105 | 24x7 NOC: (650) 480 5291 | Fax: (650) 593 5402

-----Original Message-----
From: Terry.Gardner@Sun.COM [mailto:Terry.Gardner@Sun.COM] 
Sent: Wednesday, April 08, 2009 5:50 PM
To: Hammad Ahmad Bhatti
Cc: openldap-technical@openldap.org
Subject: Re: Ldap authentication

If you are asking if the superuser account on a Linux system should
authenticate via something other than the local files (/etc/password, /
etc/shadow, etc), then I would remark that that is not something I would
recommend.


On Apr 8, 2009, at 2:47 AM, Hammad Ahmad Bhatti wrote:

> Hello,
> I have configured openldap for SSO. Now I am authenticating all of my 
> linux boxes with this SSO. Now I have requirement that my root user 
> should not authenticate through this SSO. Rest of all users should 
> authenticate through this.
> Can any one have any suggestion for this.
>
> Thannn Koooo
> Hammad Ahmad
>


======


Terry.Gardner@Sun.COM
Blog: http://blogs.sun.com/terrygardner
Blog: http://dtfar.blogspot.com
Twitter: http://twitter.com/tgardner
SLAMD: http://slamd2.dev.java.net

"The best things in life are not things."