I suggest that the LDAP user migration on deleuze be redone, using 10000 as a minimum uid for normal users. We can then start admin and other utility accounts at 9999 and go down from there. The problem is that *_admin should use local passwords and NOT Kerberos ones. There is a pam_krb5 directive that sets a minimum uid for pam_krb5 to attempt authentication. We should set this up so a KDC failure won't prevent admins from logging in due to Kerberos timeouts.
We'll have to chown all data to the new uids, but that shouldn't be a big deal. Also, I'd suggest looking into using the following for the migration: http://stuff.mit.edu/afs/athena/astaff/project/migration/src/ That same migrate.pl script is what I modified to migrate users in cells that I setup. Its old, but it seems to work. (I hope I didn't just volunteer to rewrite it for our setup, as I have very little experience with LDAP.) <<CDC _______________________________________________ HCoop-SysAdmin mailing list [email protected] http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
