Michael Hannon <[email protected]> writes:
> Greetings. We're exploring the use of OpenLDAP as an authentication
> service on an SL 5.2 system (i386). (Yea, I know: welcome to the 20th
> century.) We'd like to be able to use it to enable logins via ssh,
> among other things.
>
> If you have a recipe for doing such things, will you please send me a
> pointer to it? Thanks.

Yes, I do this for my group's workstations and department's servers. I run a predominantly Debian environment, but besides the exact names of the packages you need to install, my notes should be fairly general and apply to an SL-based install. You can take a look here:

http://www.phy.bnl.gov/computing/index.php/Ldap_Authentication_Server

For me the trickiest part was getting the client PAM config correct in order to support "pam_check_host_attr" so as to limit who can log into what machine. Almost all instructions I read, at that time, simply got this wrong.

I have also developed some Python code to manage LDAP for this purpose and have customized things to integrate am-utils' automounter and puppet configuration management. If you (or others) are interested in any of this let me know and I can elaborate.

-Brett.
