[Date Prev][Date Next] [Chronological] [Thread] [Top]

AW: Ldap authentication

To: <openldap-technical@openldap.org>
Subject: AW: Ldap authentication
From: "Kick, Claus" <claus.kick@siemens.com>
Date: Wed, 8 Apr 2009 15:15:44 +0200
Content-class: urn:content-classes:message
In-reply-to: <017301c9b849$b6fe91f0$0e96a8c0@i2c.com>
References: <2E61A410-3432-4D84-8BC9-04BC454813D1@Sun.COM> <017301c9b849$b6fe91f0$0e96a8c0@i2c.com>
Thread-index: Acm4SJmLA0m7Hmy2SHO1KOkVhliXAwAAM50gAACiQ0A=
Thread-topic: Ldap authentication

Hello,

How about this: 
Dont create an ldap entry for the root account and use "files ldap" in your nsswitch.conf? 

passwd:     files ldap
group:      files ldap

Cheers,
Claus

-----Ursprüngliche Nachricht-----
Von: openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org [mailto:openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org] Im Auftrag von Hammad Ahmad Bhatti
Gesendet: Mittwoch, 8. April 2009 14:58
An: Terry.Gardner@sun.com; openldap-technical@openldap.org
Betreff: RE: Ldap authentication

 Thank you terry for bothering this. Actually I want that super user should
authenticate locally like /etc/passwd or /etc/shadow. Please advice if you
have any suggestion for this.

Hammad Ahmad | Associate Network Administrator | Network Operations Center |
noc@i2cinc.com 

i2c Inc. | 1300 Island Drive, Suite 105, Redwood City, CA 94065| URL:
www.i2cinc.com

Tel: (650) 593 5400 x4105 | 24x7 NOC: (650) 480 5291 | Fax: (650) 593 5402

-----Original Message-----
From: Terry.Gardner@Sun.COM [mailto:Terry.Gardner@Sun.COM] 
Sent: Wednesday, April 08, 2009 5:50 PM
To: Hammad Ahmad Bhatti
Cc: openldap-technical@openldap.org
Subject: Re: Ldap authentication

If you are asking if the superuser account on a Linux system should
authenticate via something other than the local files (/etc/password, /
etc/shadow, etc), then I would remark that that is not something I would
recommend.

On Apr 8, 2009, at 2:47 AM, Hammad Ahmad Bhatti wrote:

> Hello,
> I have configured openldap for SSO. Now I am authenticating all of my 
> linux boxes with this SSO. Now I have requirement that my root user 
> should not authenticate through this SSO. Rest of all users should 
> authenticate through this.
> Can any one have any suggestion for this.
>
> Thannn Koooo
> Hammad Ahmad
>

======

Terry.Gardner@Sun.COM
Blog: http://blogs.sun.com/terrygardner
Blog: http://dtfar.blogspot.com
Twitter: http://twitter.com/tgardner
SLAMD: http://slamd2.dev.java.net

"The best things in life are not things."

References:
- Re: Ldap authentication
  - From: Terry Gardner <Terry.Gardner@Sun.COM>
- RE: Ldap authentication
  - From: "Hammad Ahmad Bhatti" <ahammad@i2cinc.com>

Prev by Date: RE: Ldap authentication
Next by Date: Re: AW: problem with a lot of databases in openldap 2.3
Index(es):
- Chronological
- Thread