Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I would like some people's thoughts on setting up a centralized authentication / authorization for a large number of servers. So far I have been toying with user accounts and user SSH keys in LDAP using pam_ldap and openssh with ldap_sshkey patch. This works pretty well so far. I have also set up Sudo to use centralized LDAP rules, and again this works, although my Sudo rules need to be tightened up (any suggestions, pointers etc. willingly accepted).
Here is the tricky part. All of our machines are RHEL-2.1/3/4 and with RHEL4 I noticed that it comes with pam_ccreds and nss_updatedb. So what I would like to do is set up connectionless authentication.
I have a cron job to run nss_updatedb every hour, storing user and group information to a Berkeley DB hash in /var/db - This works. I also have a cron job to interrogate LDAP to pull down all users' SSH keys and store them locally every hour. I also set up nsswitch.conf to use ldap files db.
My problem is my /etc/pam.d/system_auth - I can disconnect from LDAP, ssh will use the local ssh keys, but pam will deny the login. There does not seem to be a lot of documentation on pam_ccreds and I was wondering if anyone here has thoughts/tips ...
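The hourly key-pull job described in the post, sketched as an added example that is not the poster's script: it turns `ldapsearch -LLL` output into one key file per user, refuses user names that are not plain account names, and keeps the old cache when the directory returns nothing. The attribute names `uid` and `sshPublicKey`, the cache layout and the sample entries are assumptions made for the example.

```shell
# Added example. Assumed: attributes uid/sshPublicKey, one cache file per user.
# Constructed `ldapsearch -LLL` sample (not real keys): one folded value, and
# one entry whose uid tries to escape the cache directory.
SAMPLE_LDIF='dn: uid=alice,ou=People,dc=example,dc=com
uid: alice
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCONSTRUCT
 EDKEYDATA alice@example

dn: uid=../../tmp/x,ou=People,dc=example,dc=com
sshPublicKey: ssh-rsa AAAACONSTRUCTED2 x@example
uid: ../../tmp/x
'

# LDIF folds long values: a line starting with one space continues the last.
ldif_unfold() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }'
}

# Print "uid<TAB>key" per key. Directory data becomes a file name below, so
# only plain account names pass. Base64 ("sshPublicKey::") values are skipped.
ldif_keys() {
    ldif_unfold | LC_ALL=C awk '
        function flush(   i) {
            if (uid ~ /^[a-z_][a-z0-9_-]*$/)
                for (i = 1; i <= n; i++) print uid "\t" key[i]
            uid = ""; n = 0
        }
        /^$/ { flush(); next }
        /^uid: / { uid = substr($0, 6) }
        /^sshPublicKey: / { key[++n] = substr($0, 15) }
        END { flush() }'
}

# Rebuild cache directory $1 from LDIF on stdin (body runs in a subshell).
update_key_cache() (
    umask 077
    tmp=$(mktemp -d "$1/.new.XXXXXX") || exit 1
    ldif_keys | while IFS="$(printf '\t')" read -r uid key; do
        printf '%s\n' "$key" >> "$tmp/$uid"
    done
    # No keys parsed (LDAP unreachable?): keep the existing cache untouched.
    [ -n "$(ls -A "$tmp")" ] || { rmdir "$tmp"; exit 1; }
    # Revoke users no longer in the directory, then install the new files.
    for f in "$1"/*; do [ -e "$tmp/${f##*/}" ] || rm -f "$f"; done
    mv -f "$tmp"/* "$1"/
    rmdir "$tmp"
)
```

Pipe the query output into `update_key_cache` only when the query itself exited successfully, since a truncated result would revoke the cached keys of every user it is missing.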