LinuxQuestions.org
05-05-2005, 03:45 AM   #1
banzai_slr
LQ Newbie
 
Registered: May 2005
Location: South Africa
Distribution: Fedora, Gentoo, CentOS & Solaris
Posts: 19

Centralized Authentication


I would like some people's thoughts on setting up centralized authentication / authorization for a large number of servers. So far I have been toying with user accounts and user SSH keys in LDAP using pam_ldap and OpenSSH with the ldap_sshkey patch. This works pretty well so far. I have also set up sudo to use centralized LDAP rules, and again this works, although my sudo rules need to be tightened up (any suggestions, pointers etc. willingly accepted).
Here is the tricky part. All of our machines are RHEL-2.1/3/4, and with RHEL4 I noticed that it comes with pam_ccreds and nss_updatedb. So what I would like to do is set up connectionless authentication.
I have a cron job to run nss_updatedb every hour, storing user and group information to a Berkeley DB hash in /var/db. This works. I also have a cron job to interrogate LDAP to pull down all users' SSH keys and store them locally every hour. I also set up nsswitch.conf to use ldap files db.
My problem is my /etc/pam.d/system_auth. I can disconnect from LDAP and ssh will use the local SSH keys, but PAM will deny the login. There does not seem to be a lot of documentation on pam_ccreds, and I was wondering if anyone here has thoughts/tips ...

Many thanks.
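
The hourly key-sync job described in the post could be written along the following lines; this is an added example, not the poster's script. It assumes the keys are stored in an `sshPublicKey` attribute, the input is `ldapsearch -LLL` output, and the target is a dedicated root-owned directory; `parse_ldif`, `sync_keys` and the sample entries are hypothetical and constructed.

```python
import base64, os, re, tempfile

KEY_RE = re.compile(r"(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) "
                    r"[A-Za-z0-9+/]+={0,2}( [^\r\n]*)?")   # type, blob, optional comment
UID_RE = re.compile(r"[a-z_][a-z0-9_-]*")   # uid becomes a file name: no '/' or '..'

# Constructed sample: alice's key is folded; bob's base64 ("::") value smuggles an option.
SAMPLE_LDIF = (
    "dn: uid=alice,ou=People,dc=example,dc=com\nuid: alice\n"
    "sshPublicKey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructed\n"
    " SampleKeyOnly alice@laptop\n\n"
    "dn: uid=bob,ou=People,dc=example,dc=com\nuid: bob\n"
    "sshPublicKey:: "
    + base64.b64encode(b'command="/bin/true" ssh-rsa AAAAB3NzaC1yc2E= bob').decode() + "\n"
)

def parse_ldif(text):
    """Return {uid: [sshPublicKey values]} from `ldapsearch -LLL` style output."""
    users = {}
    for entry in re.sub(r"\n ", "", text).split("\n\n"):   # unfold, split entries
        uid, keys = None, []
        for line in entry.splitlines():
            attr, sep, value = line.partition(":")
            if sep and value.startswith(":"):              # "attr:: " is base64
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            if attr.lower() == "uid":
                uid = value.strip()
            elif attr.lower() == "sshpublickey":
                keys.append(value.strip())
        if uid:
            users[uid] = keys
    return users

def sync_keys(ldif_text, dest_dir):
    """Refresh dest_dir/<uid> key files; return written uids, or None if LDIF is empty."""
    users = parse_ldif(ldif_text)
    if not users:                  # LDAP down or query failed: keep the existing cache
        return None
    written = []
    for uid, keys in users.items():
        good = [k for k in keys if KEY_RE.fullmatch(k)]    # drop options, extra lines
        if UID_RE.fullmatch(uid) and good:
            fd, tmp = tempfile.mkstemp(dir=dest_dir)
            with os.fdopen(fd, "w") as fh:
                fh.write("\n".join(good) + "\n")
            os.chmod(tmp, 0o644)   # public keys; sshd must be able to read them
            os.replace(tmp, os.path.join(dest_dir, uid))   # atomic swap
            written.append(uid)
    for name in set(os.listdir(dest_dir)) - set(written):  # revoked or deleted users
        os.remove(os.path.join(dest_dir, name))
    return sorted(written)
```

An empty result leaves the cached keys in place, while a successful run removes key files for users who no longer have a valid key in the directory.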
 
  


All times are GMT -5.
