[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Authentication for a script?
Hi All,
I'm new at the LDAP game - please bear with me!
I've written a script for all our hosts that creates 'emergency'
/etc/passwd and /etc/shadow files. This will be launched via cron every
so often.
The problem is that since the userPassword attribute is of course
protected as such:
access to dn=".*,ou=People,dc=mydomain,dc=ca" attr=userPassword
by self write
by dn="uid=root,ou=People,dc=mydomain,dc=ca" write
by * auth
So, for the script to work, it needs to bind as the root DN. And
there's no way that people will be comfortable with us having the root
password embedded in a script on every host (Well, mode 0700 might be
okay, but...)! I'm new with SASL, TLS & certificates - is there a way
to use these to get around this?
Thanks for any ideas,
Erik.
--
e r i k w i l l i a m s o n erik@cpsc.ucalgary.ca
system admin . department of computer science . university of calgary