Host based authentication using OpenLDAP
Hello, I've been working on implementing an LDAP solution for the last 8
months (in-between task, you know how it is :D )
I now have a working LDAP directory, have all my users imported, things
actually work! :D..(jinx!)
But now I wanna get fancy..
I've been googling for some sort of clear description on how I can set
up a system using groups of hosts and user groups to create a selective
ACL for ssh'ing to a set of servers based on group membership.
One of my primary goals is to have it work as much "out of the box" as
possible for RHEL4 and 5 (and CentOS).
That means I want to avoid having to make changes to hosts (I have
around 60-80 linux servers today that I want over on LDAP)
So I try to avoid the solutions involving /etc/security/*
I have it working with the ldapns schema with no changes to PAM.
But this means I have to enter the specific host into each user record.
But I'm a contrary and difficult guy, and love making problems for
myself, so I want to assign groups of users to groups of servers.
Oh..and SSH keys :D..but that is for when life looks sunny and I need to
be reminded that the world is a bad place.
Is there anyone who can point me towards resources that are written on
this? I already have a list of links I've been reading, and am adding
those here in case other people want to look at them:
https://help.ubuntu.com/community/LDAPClientAuthentication
http://www.redhat.com/f/pdf/rhas/NetgroupWhitepaper.pdf
http://www.padl.com/OSS/nss_ldap.html
http://www.padl.com/OSS/pam_ldap.html
http://quark.humbug.org.au/publications/ldap/system_auth/sage-au/system_auth.html
Thanks for taking the time to read this :)
--
Per
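One way to get "groups of users onto groups of servers" without touching the hosts is to keep the mechanism the post already has working (the ldapns schema's `host` attribute on each user, enforced by pam_ldap with `pam_check_host_attr yes`) and generate those per-user `host` values from netgroup-style group definitions in the directory. The script below is an added example, not code from the original post or from any of the linked projects. The netgroup data and the rule table are constructed; the netgroup format mirrors the `nisNetgroup` objectClass (`nisNetgroupTriple` as `(host,user,domain)`, `memberNisNetgroup` for nesting), and the `ou=People,dc=example,dc=com` base is an assumed naming context.

```python
"""Expand "user-group -> host-group" rules into the per-user `host` values
that the ldapns schema (hostObject / host attribute, checked by pam_ldap's
pam_check_host_attr) expects, emitted as ldapmodify input.

Added example, not code from the original post. The netgroups and the
rule table are constructed sample data."""

import re
from typing import Dict, List, Set, Tuple

# nisNetgroupTriple syntax: "(host,user,domain)". An empty field is a
# wildcard and "-" matches nothing.
TRIPLE_RE = re.compile(r"^\(([^,]*),([^,]*),([^)]*)\)$")

# Constructed sample of what the netgroup entries in the directory hold,
# keyed by the netgroup's cn and reduced to the two attributes that matter.
NETGROUPS: Dict[str, Dict[str, List[str]]] = {
    "web-hosts": {"nisNetgroupTriple": ["(web1.example.com,-,)",
                                        "(web2.example.com,-,)"],
                  "memberNisNetgroup": []},
    "db-hosts": {"nisNetgroupTriple": ["(db1.example.com,-,)"],
                 "memberNisNetgroup": []},
    "all-hosts": {"nisNetgroupTriple": [],
                  "memberNisNetgroup": ["web-hosts", "db-hosts"]},
    "web-admins": {"nisNetgroupTriple": ["(-,alice,)", "(-,bob,)"],
                   "memberNisNetgroup": []},
    "db-admins": {"nisNetgroupTriple": ["(-,carol,)"],
                  "memberNisNetgroup": []},
    "sysadmins": {"nisNetgroupTriple": ["(-,dave,)"],
                  "memberNisNetgroup": ["web-admins"]},
}

# Constructed rule table: which user netgroup may log in to which host netgroup.
RULES: List[Tuple[str, str]] = [
    ("web-admins", "web-hosts"),
    ("db-admins", "db-hosts"),
    ("sysadmins", "all-hosts"),
]


def parse_triple(triple: str) -> Tuple[str, str, str]:
    """Split one nisNetgroupTriple value into (host, user, domain)."""
    m = TRIPLE_RE.match(triple.strip())
    if not m:
        raise ValueError(f"malformed netgroup triple: {triple!r}")
    return tuple(f.strip() for f in m.groups())  # type: ignore[return-value]


def members(netgroup: str, field: int, seen: Set[str] = None) -> Set[str]:
    """Collect every value of `field` (0 = host, 1 = user) reachable from
    `netgroup`, following memberNisNetgroup recursively. `seen` guards
    against cycles, which nothing in the directory stops you from creating."""
    seen = set() if seen is None else seen
    if netgroup in seen:
        return set()
    seen.add(netgroup)
    entry = NETGROUPS.get(netgroup)
    if entry is None:
        raise KeyError(f"unknown netgroup {netgroup!r}")
    out: Set[str] = set()
    for t in entry["nisNetgroupTriple"]:
        value = parse_triple(t)[field]
        if value and value != "-":
            out.add(value)
    for child in entry["memberNisNetgroup"]:
        out |= members(child, field, seen)
    return out


def hosts_per_user(rules: List[Tuple[str, str]] = RULES) -> Dict[str, List[str]]:
    """Return {uid: sorted host list} implied by the rule table."""
    result: Dict[str, Set[str]] = {}
    for user_ng, host_ng in rules:
        hosts = members(host_ng, 0)
        for uid in members(user_ng, 1):
            result.setdefault(uid, set()).update(hosts)
    return {uid: sorted(h) for uid, h in result.items()}


def ldif_modify(uid: str, hosts: List[str],
                base: str = "ou=People,dc=example,dc=com") -> str:
    """Render an ldapmodify change that replaces the user's host attribute.
    Replacing rather than adding keeps the run idempotent and drops hosts a
    user lost access to when a rule is withdrawn."""
    lines = [f"dn: uid={uid},{base}", "changetype: modify", "replace: host"]
    lines += [f"host: {h}" for h in hosts]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for uid, hosts in sorted(hosts_per_user().items()):
        print(ldif_modify(uid, hosts))
```

Pipe the output into `ldapmodify` from a cron job or a post-commit hook on whatever edits the rule table. Two things to keep in mind: each user entry needs the auxiliary objectClass `hostObject` before the `host` attribute is accepted, and the check is only as strong as the PAM stack that performs it, so a host whose sshd authenticates without pam_ldap in the stack is not restricted by this attribute at all.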