Yes, you're on the right track. I use the Sun LDAP server for users on Solaris and AIX. If you want to limit which hosts a user can access, you can add the 'host' attribute for each system you want a user to log into. If you'd like to go this route, then you'll use the standard pam ldap module for authorization but you'll have to get it compiled for the Solaris side. You'll also need to make changes to the Solaris /etc/pam.conf file.
You can also use the pam_mkhomedir module to automatically create a user's home directory when they first logon to a system. And like the other people said, you will need to still maintain a local passwd and shadow file though they'll be used only for system accounts like 'root'. ---- Glenn Pitcher Security Engineer MedImpact Healthcare Systems, Inc. San Diego, CA glenn dot pitcher at medimpact.com > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of dubaisans dubai > Sent: Wednesday, September 27, 2006 12:57 AM > To: [email protected] > Subject: LDAP in Unix > > > I have 100 + unix servers primarily Linux and solaris. > > I am new to LDAP. > > I would like to use Sun ONE Directory server and centralise the user > > creation. Once I have LDAP based Directory server is the > following true? > > 1. Whenever a new user has to be created I will create on the SunOne > > server and say it is valid only on this host(s).There is no > need to create the user at the host > > 2. There is no /etc/passwd and /etc/shadow files on the > individual hosts > > anymore or they are not of any importance. All the passwords are > > stored only in the Directory server. > > 3. As a later stage I would like to give RSA securID > authentication to selected set of high privilege users. > > Is LDAP and Sun one the right direction? > > ------------------------------------------------------------------------------------------------------------------------ This transmission, together with any attachments, is intended only for the use of those to whom it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any distribution or copying of this transmission is strictly prohibited. If you received this transmission in error, please notify the original sender immediately and delete this message, along with any attachments, from your computer.
