On 2008-09-22, Simon Blunt <[EMAIL PROTECTED]> wrote:
>
> a) User passwords
> -> ldap
> b) control who can access which boxes
> -> ldap group

And probably netgroups?

> c) control who can gain root system wide
> -> no idea?

Use sudo, with config in LDAP.

> d) control who can gain root on a certain box only
> -> no idea?

Use sudo, with config in LDAP:
http://www.gratisoft.us/sudo/readme_ldap.html

> Once that is solved, I'd like some way of managing ssh public keys.
> The LPK patch to openssh looks promising, where ldap keys are looked
> up in ldap, but this is not in RHEL.
> What do other people use for this?

I'm considering putting keys in LDAP (using the LPK schema), and
either have pam_oddjob_mkdir push the authorized_keys upon first
login, or maybe just provide a simple script the users can run
to pull their key from LDAP to authorized_keys.

-jf
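
The "simple script the users can run" idea from the reply above, sketched as an added example (not part of the original post or of the LPK patch). It assumes the LPK schema's `ldapPublicKey` object class and `sshPublicKey` attribute; the server URI, base DN and the `--pull` argument are placeholders chosen for illustration.

```sh
#!/bin/sh
# Added example, not from the original thread. LDAP_URI and LDAP_BASE are placeholders.
LDAP_URI=${LDAP_URI:-ldaps://ldap.example.com}   # TLS, so keys cannot be swapped in transit
LDAP_BASE=${LDAP_BASE:-ou=people,dc=example,dc=com}

# Read LDIF on stdin, print each sshPublicKey value on its own line.
extract_keys() {
    # LDIF folds long values: a line starting with one space continues the previous line.
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (buf != "") print buf; buf = $0 }
         END { if (buf != "") print buf }' |
    while IFS= read -r line; do
        case $line in
            "sshPublicKey:: "*) printf '%s' "${line#sshPublicKey:: }" | base64 -d; echo ;;
            "sshPublicKey: "*)  printf '%s\n' "${line#sshPublicKey: }" ;;
        esac
    done
}

# Keep only bare "type base64 [comment]" lines. Anything with leading options
# (command=, from=, ...) or other junk stored in the directory is dropped.
valid_keys() {
    grep -E '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' || true
}

# $1 = destination file; LDIF on stdin. Writes a private temp file and renames it
# into place, and leaves the existing file alone when no valid key came back
# (for example when the directory was unreachable).
install_keys() {
    (
        umask 077
        dir=$(dirname "$1")
        mkdir -p "$dir"
        tmp=$(mktemp "$dir/.authorized_keys.XXXXXX") || exit 1
        extract_keys | valid_keys > "$tmp"
        if [ -s "$tmp" ]; then mv "$tmp" "$1"; else rm -f "$tmp"; exit 1; fi
    )
}

# Look up the calling user's keys and install them.
pull_keys() {
    ldapsearch -x -LLL -H "$LDAP_URI" -b "$LDAP_BASE" \
        "(&(objectClass=ldapPublicKey)(uid=$(id -un)))" sshPublicKey |
        install_keys "$HOME/.ssh/authorized_keys"
}

case "${1:-}" in --pull) pull_keys ;; esac   # hypothetical argument name
```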