You also need to get the hierarchy in the PAM files just right, so it passes local accounts, and sends others to LDAP properly.

> -----Original Message-----
> From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Post, Mark K
> Sent: Wednesday, April 21, 2004 11:19 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [LINUX-390] /etc/passwd and /etc/shadow - synchronized on multiple images
>
> It's done with the /etc/nsswitch.conf file. If you specify "files,ldap" the
> system looks at the local files first, then tries LDAP if not found there.
>
> Mark Post
>
> -----Original Message-----
> From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of James Melin
> Sent: Wednesday, April 21, 2004 11:12 AM
> To: [EMAIL PROTECTED]
> Subject: Re: /etc/passwd and /etc/shadow - synchronized on multiple images
>
> Ahh, there's the rub... how do you set up linux so users authenticate
> against LDAP but root, db2inst1, da1usr, snort, squid and so on, do not.
>
> "Post, Mark K" <[EMAIL PROTECTED]>
> Sent by: Linux on 390 Port <[EMAIL PROTECTED]>
> 04/21/2004 10:07 AM
> Please respond to Linux on 390 Port <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> cc:
> Subject: Re: /etc/passwd and /etc/shadow - synchronized on multiple images
>
> James,
>
> Are you talking about system administrator accounts, or user accounts? As
> Thomas said, using LDAP, with or without Kerberos, etc., would be a good
> idea, but _not_ for those accounts that need to be able to login to fix
> problems with those kinds of tools. You won't be happy if LDAP isn't
> working, and you can't login to fix it, because both your account and the
> root account need LDAP to be available.
>
> Keeping things consistent across images for those so-called "local" accounts
> isn't particularly easy, when done manually, but I'm not aware of any good,
> free, tools to do that. What I've done, when creating new images, is copy
> the parts of /etc/passwd and /etc/shadow that have UIDs for real people to
> the new system, append it to the production copies, and then run a script
> that copies their existing home directories from a "source" system, and then
> does a "chown -R " on it.
>
> Mark Post
>
> -----Original Message-----
> From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of James Melin
> Sent: Wednesday, April 21, 2004 9:24 AM
> To: [EMAIL PROTECTED]
> Subject: /etc/passwd and /etc/shadow - synchronized on multiple images
>
> What is the best method to duplicate the user list, GID/UID assignments for
> users on multiple Linux guests and keep them consistent?
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions, send email
> to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
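
Added example, not part of the original thread: a simplified Python model of how Linux-PAM's basic control flags combine, run against two auth stacks, to show the lockout Mark Post describes when LDAP is down and the local-first ordering that avoids it. The stack contents, the directory user `jdoe`, and the per-module outcomes are constructed assumptions, and the correct password is assumed in every case.

```python
# Added illustration: a simplified model of Linux-PAM's basic control flags.
# Module outcomes are constructed stand-ins; the right password is assumed.
LOCAL_USERS = {"root", "db2inst1"}   # present in /etc/passwd and /etc/shadow
LDAP_USERS = {"root", "jdoe"}        # jdoe is a made-up directory user

LDAP_ONLY = """
auth required pam_ldap.so
"""

LOCAL_FIRST = """
auth sufficient pam_unix.so
auth sufficient pam_ldap.so use_first_pass
auth required   pam_deny.so
"""

def parse_auth_stack(text):
    """Return [(control, module)] for the auth lines of a PAM service file."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            stack.append((fields[1], fields[2]))
    return stack

def module_ok(module, user, ldap_up):
    """Stand-in for the module's verdict on `user`."""
    if module == "pam_unix.so":
        return user in LOCAL_USERS
    if module == "pam_ldap.so":
        return ldap_up and user in LDAP_USERS
    if module == "pam_deny.so":
        return False
    raise ValueError(f"module not modelled: {module}")

def authenticate(stack_text, user, ldap_up):
    """Walk the stack the way required/requisite/sufficient/optional combine."""
    required_failed = succeeded = False
    for control, module in parse_auth_stack(stack_text):
        ok = module_ok(module, user, ldap_up)
        if control == "sufficient" and ok and not required_failed:
            return True                  # stop here, later modules are skipped
        if control == "requisite" and not ok:
            return False                 # fail immediately
        if control in ("required", "requisite"):
            succeeded = succeeded or ok
            required_failed = required_failed or not ok
    return succeeded and not required_failed

if __name__ == "__main__":
    for name, stack in (("LDAP_ONLY", LDAP_ONLY), ("LOCAL_FIRST", LOCAL_FIRST)):
        for user in ("root", "jdoe"):
            print(name, user, "LDAP down ->", authenticate(stack, user, False))
```

With the local-first stack, `root` and `db2inst1` still authenticate when the directory is unreachable, while directory-only users are refused until it returns.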