[HPADM] Re: HP/UX NIS to LDAP

From: Steve Bonds (ugvgml902_at_sneakemail.com)
Date: 05/29/04

  • Next message: Lanier, John: "[HPADM] Can't list backup tape contents created on a T-Series 9000 system (using "fbackup") from a D-Series 9000 system." 
    Date: Fri, 28 May 2004 15:21:14 -0700 (PDT)
To: hpux-admin@dutchworks.nl

    On Fri, 28 May 2004, Marshall, Richard Richard.Marshall-at-arbella.com
    |hpux-admin| wrote:

    > We are in the process of developing the requirements for our new HP/UX
    > RP8420 system environment and there has been some discussion about
    > migrating from our current NIS process to manage user accounts to LDAP.
    > I have no experience using LDAP and started reading as much as possible
    > in order to understand the benefits of using LDAP, but as always would
    > like to include the experience of the "REAL WORLD" and would welcome all
    > comments and suggestions.

    I'm working on something similar, so while you all are thinking about
    LDAP, let me know what you think of this:

    I've seen too many reports of various issues using pluggable
    authentication modules on HP-UX. Most of these are no fault of HP-UX, but
    rather are problems with people writing applications that falsely assume
    either NIS or /etc/passwd authentication are in use and there are no other
    possibilities. In order to avoid this, I've come up with a scheme to keep
    all the authentication data in LDAP but write a script that generates an
    appropriate /etc/passwd file for each server and sends them out.

    My biggest concern is that something will go wrong with the transfer and
    the /etc/passwd file ends up blanked out. The script that does the copy
    will go to great pains to avoid this.

    Has anyone else implemented anything like this? What sorts of problems
    can you forsee?

    Thanks,

      -- Steve 

    --
             ---> Please post QUESTIONS and SUMMARIES only!! <---
        To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
       Name: hpux-admin@dutchworks.nl     Owner: owner-hpux-admin@dutchworks.nl
 
 Archives:  ftp.dutchworks.nl:/pub/digests/hpux-admin       (FTP, browse only)
            http://www.dutchworks.nl/htbin/hpsysadmin   (Web, browse & search)
  • Next message: Lanier, John: "[HPADM] Can't list backup tape contents created on a T-Series 9000 system (using "fbackup") from a D-Series 9000 system."

    Relevant Pages

    • Re: PAM & LDAP - Pointer anyone?
      ... We tried PAM LDAP and ditched it. ... If you are worried about security, I would not recommend running NIS. ... instead by the FreeBSD ypbind and ypldapd. ... can be tightened so as to ensure password authentication only ever happens ...
      (FreeBSD-Security)
    • Summary: NIS+ and LDAP - Single sign on
      ... The overwhelming response was that NIS+ is proprietary and that Sun will not ... The majority of the responses indicate that LDAP is the way to go. ... I mainly need this for authentication (login ... Everybody is going LDAP these days: Sun, ...
      (SunManagers)
    • Re: Idiots intro to LDAP - Where?
      ... > description rather than asking specifically about LDAP, ... > I've been able to figure out, I need either LDAP or NIS, and NIS is ... > site-wide spam filters at catherders.com. ... You might look at the expect script 'passmass'. ...
      (comp.os.linux.misc)
    • Re: Idiots intro to LDAP - Where?
      ... > description rather than asking specifically about LDAP, ... > I've been able to figure out, I need either LDAP or NIS, and NIS is ... > site-wide spam filters at catherders.com. ... You might look at the expect script 'passmass'. ...
      (comp.os.linux)
    • LDAP authentication failure
      ... I'm trying to migrate my user's authentication from NIS to LDAP. ... On my server, I think I have everything set up okay. ...
      (RedHat)
    • Quantcast