Hello, I have configured openldap for SSO. Now I am authenticating all of my linux boxes with this SSO. Now I have requirement that my root user should not authenticate through this SSO. Rest of all users should authenticate through this. Can any one have any suggestion for this.
Thannn Koooo Hammad Ahmad
If you are asking if the superuser account on a Linux system should authenticate via something other than the local files (/etc/password, / etc/shadow, etc), then I would remark that that is not something I would recommend.
On Apr 8, 2009, at 2:47 AM, Hammad Ahmad Bhatti wrote:
Hello, I have configured openldap for SSO. Now I am authenticating all of my linux boxes with this SSO. Now I have requirement that my root user should not authenticate through this SSO. Rest of all users should authenticate through this. Can any one have any suggestion for this.
Thannn Koooo Hammad Ahmad
======
Terry.Gardner@Sun.COM Blog: http://blogs.sun.com/terrygardner Blog: http://dtfar.blogspot.com Twitter: http://twitter.com/tgardner SLAMD: http://slamd2.dev.java.net
"The best things in life are not things."
Thank you terry for bothering this. Actually I want that super user should authenticate locally like /etc/passwd or /etc/shadow. Please advice if you have any suggestion for this.
Hammad Ahmad | Associate Network Administrator | Network Operations Center | noc@i2cinc.com
i2c Inc. | 1300 Island Drive, Suite 105, Redwood City, CA 94065| URL: www.i2cinc.com
Tel: (650) 593 5400 x4105 | 24x7 NOC: (650) 480 5291 | Fax: (650) 593 5402
-----Original Message----- From: Terry.Gardner@Sun.COM [mailto:Terry.Gardner@Sun.COM] Sent: Wednesday, April 08, 2009 5:50 PM To: Hammad Ahmad Bhatti Cc: openldap-technical@openldap.org Subject: Re: Ldap authentication
If you are asking if the superuser account on a Linux system should authenticate via something other than the local files (/etc/password, / etc/shadow, etc), then I would remark that that is not something I would recommend.
On Apr 8, 2009, at 2:47 AM, Hammad Ahmad Bhatti wrote:
Hello, I have configured openldap for SSO. Now I am authenticating all of my linux boxes with this SSO. Now I have requirement that my root user should not authenticate through this SSO. Rest of all users should authenticate through this. Can any one have any suggestion for this.
Thannn Koooo Hammad Ahmad
======
Terry.Gardner@Sun.COM Blog: http://blogs.sun.com/terrygardner Blog: http://dtfar.blogspot.com Twitter: http://twitter.com/tgardner SLAMD: http://slamd2.dev.java.net
"The best things in life are not things."
Hello,
How about this: Dont create an ldap entry for the root account and use "files ldap" in your nsswitch.conf?
passwd: files ldap group: files ldap
Cheers, Claus
-----Ursprüngliche Nachricht----- Von: openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org [mailto:openldap-technical-bounces+claus.kick=siemens.com@OpenLDAP.org] Im Auftrag von Hammad Ahmad Bhatti Gesendet: Mittwoch, 8. April 2009 14:58 An: Terry.Gardner@sun.com; openldap-technical@openldap.org Betreff: RE: Ldap authentication
Thank you terry for bothering this. Actually I want that super user should authenticate locally like /etc/passwd or /etc/shadow. Please advice if you have any suggestion for this.
Hammad Ahmad | Associate Network Administrator | Network Operations Center | noc@i2cinc.com
i2c Inc. | 1300 Island Drive, Suite 105, Redwood City, CA 94065| URL: www.i2cinc.com
Tel: (650) 593 5400 x4105 | 24x7 NOC: (650) 480 5291 | Fax: (650) 593 5402
-----Original Message----- From: Terry.Gardner@Sun.COM [mailto:Terry.Gardner@Sun.COM] Sent: Wednesday, April 08, 2009 5:50 PM To: Hammad Ahmad Bhatti Cc: openldap-technical@openldap.org Subject: Re: Ldap authentication
If you are asking if the superuser account on a Linux system should authenticate via something other than the local files (/etc/password, / etc/shadow, etc), then I would remark that that is not something I would recommend.
On Apr 8, 2009, at 2:47 AM, Hammad Ahmad Bhatti wrote:
Hello, I have configured openldap for SSO. Now I am authenticating all of my linux boxes with this SSO. Now I have requirement that my root user should not authenticate through this SSO. Rest of all users should authenticate through this. Can any one have any suggestion for this.
Thannn Koooo Hammad Ahmad
======
Terry.Gardner@Sun.COM Blog: http://blogs.sun.com/terrygardner Blog: http://dtfar.blogspot.com Twitter: http://twitter.com/tgardner SLAMD: http://slamd2.dev.java.net
"The best things in life are not things."
openldap-technical@openldap.org
-
Hammad Ahmad Bhatti -
Kick, Claus -
Terry Gardner