Sean Carolan wrote:
>> It's not clear to me what OS/distribution you're doing this on, but for
>> the most part we have cfengine run authconfig on our Red Hat boxes to
>> set up the basic LDAP auth (it's a one-liner if done that way), and then
>> push around the sshd_config file.
>>
>
> We have a combination of centos and Red Hat servers, so the authconfig
> should work just as you mentioned. Mind if I ask which action you
> used in your cfengine policy to do this?
>

No problem... ours is under shellcommands, and looks something like this:

    role_ldap_clients::
        "/usr/sbin/authconfig --enableldap --enableldapauth --enablecache --ldapserver=ldaphost --ldapbasedn=dc=example,dc=com --enableldaptls --disableshadow --kickstart"

Incidentally, that may also answer your other question about how to
disable local shadow file passwords.