I would like to have a local admin type account on ~700 OpenSolaris snv_81 boxes that can only be used when LDAP is *not* working.
When the network is up and running we would like all access to be only for LDAP users, but if LDAP is down, there is a "backdoor" in via the router that the OpenSolaris boxes are plugged into - they are all connected back to a central location via an OpenVPN tunnel, so if the tunnel is up we can ssh in as an LDAP user no problem. If LDAP is down, then we need local access to the box, but my boss doesn't want the localadmin account to be used if LDAP is working.

I thought about using the following in /etc/nsswitch.conf, but I'm not sure if it would break other things:

    passwd: ldap [NOTFOUND=return] files

Currently it's set to

    passwd: files ldap

Would that work? Or is there a better way to do this?

--
This message posted from opensolaris.org
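The two passwd lines above, run through a small model of nsswitch source/criteria evaluation. This is an added example, not part of the original post. It assumes the standard default actions (SUCCESS=return, everything else continue), uses constructed account sets, and models name lookup only, not PAM authentication.

```python
# Added illustration: model of how nsswitch.conf walks its sources.
import re

DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

PROPOSED = "passwd: ldap [NOTFOUND=return] files"   # line from the post
CURRENT = "passwd: files ldap"                      # line from the post

# Constructed sample data (assumption): local accounts and LDAP accounts.
FILES = {"root", "daemon", "localadmin"}
LDAP = {"alice"}

def parse_entry(line):
    """Return (database, [(source, {status: action})]) for one config line."""
    db, _, rest = line.partition(":")
    sources = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
        if tok.startswith("["):
            if not sources:
                raise ValueError("criteria given before any source")
            for crit in tok[1:-1].split():
                status, _, action = crit.partition("=")
                sources[-1][1][status.upper()] = action.lower()
        else:
            sources.append((tok, dict(DEFAULTS)))
    return db.strip(), sources

def lookup(line, name, backends):
    """backends maps source -> set of names, or None if the source is down.
    Returns (final status, source that ended the search or None)."""
    _, sources = parse_entry(line)
    status = "NOTFOUND"
    for source, actions in sources:
        users = backends.get(source)
        if users is None:
            status = "UNAVAIL"
        elif name in users:
            status = "SUCCESS"
        else:
            status = "NOTFOUND"
        if actions[status] == "return":
            return status, source
    return status, None

if __name__ == "__main__":
    for label, ldap in (("LDAP up", LDAP), ("LDAP down", None)):
        for line in (PROPOSED, CURRENT):
            for name in ("alice", "localadmin", "root"):
                result = lookup(line, name, {"ldap": ldap, "files": FILES})
                print(f"{label:9} | {line:38} | {name:10} -> {result}")
```

In this model root and daemon also stop resolving while LDAP answers, because [NOTFOUND=return] applies to every name missing from LDAP, not only localadmin.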
