From the LPIC pre-exam tests by snow.nl, I got an idea confirmed that one should be able to implement a layered "fall-through" user authentication schema using PAM in Linux.
The idea was to maintain a small set of power user and sysadmin information in NIS, because NIS provides access control as well as authentication and ties into su/sudo/sudoers at the OS level. LDAP would be used to maintain and administer several hundred or thousand accounts for customers, vendors, suppliers and other people who need access to certain machines or control specific services (such as web, application or database servers).
The PAM authentication section (2.210.4) from snow.nl outlines just that. Using PAM's fall-through mechanism, you first check authentication credentials using NIS (sufficient); if that fails, you check LDAP (sufficient), and finally the OS itself (required).
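The fall-through order described above, modelled as an added example (not code from snow.nl or from this post): a simplified evaluator for PAM's `sufficient`, `requisite` and `required` control flags, run over a three-line auth stack. It goes slightly beyond the text by also covering a `required` failure earlier in the stack. The module name `pam_nis.so`, the accounts and the passwords are constructed assumptions.

```python
# Simplified model of Linux-PAM "auth" stack evaluation (added example).
# Module names are labels only; module options are parsed but ignored.
STACK = """
auth sufficient pam_nis.so
auth sufficient pam_ldap.so try_first_pass
auth required   pam_unix.so try_first_pass
"""

# Constructed sample accounts per backend: user -> password
BACKENDS = {
    "pam_nis.so":  {"sysadmin": "nis-pw"},
    "pam_ldap.so": {"customer1": "ldap-pw"},
    "pam_unix.so": {"root": "local-pw"},
}

def parse_stack(text):
    """Return [(control, module)] for each auth line, in order."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            entries.append((fields[1], fields[2]))
    return entries

def authenticate(user, password, stack=STACK, backends=BACKENDS):
    """Return (granted, modules_consulted) for the given stack."""
    required_failed = passed = False
    consulted = []
    for control, module in parse_stack(stack):
        consulted.append(module)
        ok = backends.get(module, {}).get(user) == password
        if control == "sufficient":
            # Success ends the stack only if no earlier required module
            # failed; a failing sufficient module is simply ignored.
            if ok and not required_failed:
                return True, consulted
        elif control == "requisite":
            if not ok:
                return False, consulted
            passed = True
        elif control == "required":
            # Failure is remembered, but the rest of the stack still runs.
            required_failed = required_failed or not ok
            passed = passed or ok
        else:
            raise ValueError(f"unsupported control flag: {control}")
    # With no short-circuit, access needs a passing required module and no failure.
    return passed and not required_failed, consulted
```

The second return value shows how far each login fell through the stack, which is also the order in which the directory services see the credentials.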