Account Management with NIS and LDAP

From the LPIC pre-exam tests by, I got confirmation of an idea: one should be able to implement a layered "fall-through" user authentication scheme using PAM in Linux.
The idea was to maintain a small set of power user and sysadmin information in NIS, because NIS provides access control as well as authentication and ties into su/sudo/sudoers at the OS level. LDAP would be used to maintain and administer several hundred or thousand accounts for customers, vendors, suppliers and other people who need access to certain machines or control specific services (such as web, application or database servers).
The PAM authentication (2.210.4) from outlines just that. Utilizing PAM's fall-through mechanism, you first check authentication credentials using NIS (sufficient); if that fails, you check LDAP (sufficient), and finally the OS itself (required).
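
To see how that stack resolves, here is a simplified model of the `sufficient` and `required` control flags. It is an added example, not code from the exam material or from PAM itself. The backend names, the accounts and the `DENIED` list are constructed for illustration, and the `GATED` stack goes one step beyond the post to show how ordering changes the result.

```python
import hmac

def run_stack(stack, user, password):
    """Evaluate (control, name, check) entries in order; return (granted, called)."""
    required_failed = False
    required_passed = False
    called = []
    for control, name, check in stack:
        ok = check(user, password)
        called.append(name)
        if control == "sufficient":
            if ok and not required_failed:
                return True, called   # short-circuit: later modules never run
            # a failed "sufficient" module is ignored and the stack falls through
        elif control == "required":
            if ok:
                required_passed = True
            else:
                required_failed = True  # remembered; remaining modules still run
        else:
            raise ValueError(f"unsupported control flag: {control}")
    return required_passed and not required_failed, called

def backend(store):
    """Build a password check over a constructed in-memory credential store."""
    def check(user, password):
        return user in store and hmac.compare_digest(store[user], password)
    return check

# Constructed sample accounts, one per layer described in the post.
NIS = {"sysadmin1": "nis-secret"}
LDAP = {"customer7": "ldap-secret"}
LOCAL = {"root": "local-secret"}
DENIED = {"sysadmin1"}  # hypothetical deny list for the ordering caveat below

STACK = [
    ("sufficient", "nis", backend(NIS)),
    ("sufficient", "ldap", backend(LDAP)),
    ("required", "local", backend(LOCAL)),
]
# A "required" check only constrains "sufficient" modules that come after it.
GATED = [("required", "deny_list", lambda u, p: u not in DENIED)] + STACK

if __name__ == "__main__":
    for user, pw in [("sysadmin1", "nis-secret"), ("customer7", "ldap-secret"),
                     ("root", "local-secret"), ("customer7", "wrong")]:
        print(user, run_stack(STACK, user, pw), run_stack(GATED, user, pw))
```

A successful `sufficient` module ends the stack immediately, so any check that must apply to every login has to be a `required` entry placed above the NIS and LDAP lines.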

