Nope.. Once in LDAP and everything is configured correctly on the linux box, you don't have to do anything to passwd or shadow to let a user log on to the box. I currently have this kind of setup using RHEL and it works great!

-----Original Message-----
From: fedora-directory-devel-bounces@xxxxxxxxxx [mailto:fedora-directory-devel-bounces@xxxxxxxxxx] On Behalf Of T.J. Yang
Sent: Wednesday, August 24, 2005 9:34 AM
To: fedora-directory-devel@xxxxxxxxxx
Subject: Re: [Fedora-directory-devel] Does FDS 7.1 support RFC2307 ?

>From: Keith Sharp <kms@xxxxxxxxxxxxxx>
>Reply-To: kms@xxxxxxxxxxxxxx, "Fedora Directory server developer discussion." <fedora-directory-devel@xxxxxxxxxx>
>To: fedora-directory-devel@xxxxxxxxxx
>Subject: Re: [Fedora-directory-devel] Does FDS 7.1 support RFC2307 ?
>Date: Wed, 24 Aug 2005 14:15:43 +0100
>
>On Wed, 2005-08-24 at 07:11 -0500, T.J. Yang wrote:
>
> > Reading RFC 2307 Section 5.1 and 5.2 but it is still vague for me.
> > Which OS and which software module has Section 5.2 functions implemented?
>
>I have done a degree of NIS replacement (passwd, group and automount
>entries) using the Fedora Core Linux operating system as both the client
>and the server. The LDAP server I used was OpenLDAP.
>The functions in section 5.2 are normally implemented in the standard
>libc library. On Fedora Core that is glibc, and the implementation uses
>the file /etc/nsswitch.conf to determine which directory to use to
>look up information: files, NIS, LDAP, etc. For authentication you may
>also need to configure the PAM system to use LDAP. Fedora Core provides
>a utility called system-config-authentication that has a simple GUI for
>configuring these systems.
>

I played with LDAP authentication a while back. I was quite happy I could have an ftp server (proftpd?) set up to use LDAP auth. I went on to pursue telnet authentication. After help from others, I was able to set up a RH9 box to authenticate users from my corporate LDAP account, but the catch is that before an LDAP user can log in, I need to create that same LDAP account locally in the /etc/passwd file. This sort of beats the purpose of LDAP auth.

I haven't pursued this for about two years. Does RHEL3/4 still require the insertion of a user entry into /etc/passwd?

My goal is to configure a Unix box to allow telnet/ssh login from users with a valid LDAP account. Also, I would like to restrict login access based on an LDAP user's group.

tj

>Support on other operating systems and libc implementations will vary,
>you should contact the vendors or appropriate support groups for those
>operating systems.
>
>Keith.
>
>--
>Fedora-directory-devel mailing list
>Fedora-directory-devel@xxxxxxxxxx
>https://www.redhat.com/mailman/listinfo/fedora-directory-devel
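
An added example, not part of the thread: needing a local /etc/passwd entry before an LDAP user can log in is consistent with the `passwd` database in /etc/nsswitch.conf not consulting LDAP, so this sketch reports which account databases lack an `ldap` source. The function names are hypothetical, the sample file is constructed, and it inspects only the name-service switch, not the PAM configuration Keith mentions.

```shell
#!/bin/sh
# Added example, not from the thread. It reads an nsswitch.conf-style file
# and reports which account databases do not list "ldap" as a source.

# Print the sources for database $2 in file $1 (first matching line),
# ignoring comments and [STATUS=action] items such as [NOTFOUND=return].
nss_sources() {
    sed -e 's/#.*//' -e 's/\[[^]]*\]/ /g' "$1" | awk -v db="$2" '
        {
            i = index($0, ":")
            if (i == 0) next
            name = substr($0, 1, i - 1)
            gsub(/[ \t]/, "", name)
            if (name != db) next
            $0 = substr($0, i + 1)      # re-split the source list
            if (NF) { $1 = $1; print }  # normalise spacing
            exit
        }'
}

# Succeed if database $2 in file $1 consults the "ldap" source.
nss_uses_ldap() {
    case " $(nss_sources "$1" "$2") " in
        *" ldap "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the databases (of passwd and group) that never consult LDAP.
ldap_login_gaps() {
    gaps=""
    for db in passwd group; do
        nss_uses_ldap "$1" "$db" || gaps="${gaps:+$gaps }$db"
    done
    printf '%s\n' "$gaps"
}

# Constructed sample: groups come from LDAP, accounts only from local files.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' 'passwd: files' \
        'group:  files ldap   # groups from LDAP' > "$tmp"
    echo "databases not consulting ldap: $(ldap_login_gaps "$tmp")"
    rm -f "$tmp"
}
demo
```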