Skip to main content

NIS/LDAP Gateway


Been looking some more into the user administration issues I face when maintaining a few hunderd Linux servers for various people, customers and developers...
Centrify seems to have a nice product that allows me to authenticate Linux users against an (existing) MS Active Directory Server (AD). While that is nice, it is not enough. Granted, their DirectControl family of products covers a lot and is nice, what I miss is the ability to control which user can issue what commands on a Linux/Unix level. That is, DirectControl does not seem to link into the su/sudo/sudoers facilities of Linux.

NIS is a common way to centralize Linux user management on a network and control access to servers, do password management and so on. However, I thought NIS was largely incompatible with more common, cross-platform directory solutions such as LDAP. Even MS AD can talk LDAP! ;) So I was more than happy to discover that PADL provides free toosl to help migrate from flat access files (passwd, NIS, etc.) to LDAP. Even better for enterprise style clients, they also have a commercial NIS/LDAP Gateway. Cool!

I love LDAP. It scales, is cross-platform, has easy tools (win/linux) and is well known and proven. But it only does authentication, not authorization. NIS is great in that it integrates with Linux and adheres to su/sudo/sudoers...

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

Preventing PuTTY timeouts

Just found a great tip to prevent timeouts of PuTTY sessions. I'm fine with timeouts by the host, but in our case the firewall kills sessions after 30 minutes of inactivity... When using PuTTY to ssh to your Linux/Unix servers, be sure to use the feature to send NULL packets to prevent a timeout. I've set it to once every 900 seconds, i.e. 15 minutes... See screenshot on the right.
1 comment
Read more

Removing VGs or LVs from LVM

While are many excellent tutorials about creating and using LVM on Linux, not may show you how you can remove disks from LVM Volume Groups (VG) and reclaim storage or how to remove a Logical Volume (LV) from your LVM set-up. Here is what I did: Use -t to TEST ANY LVM action first! We are going to release 1 TB from LVM. The Volume group was extended with 1 TB storage to serve as a cheap NFS/CIFS file server when setting up our data center. It is now deprecated and replaced by a NAS so it's no longer needed. 1) check LVM; note the four 256 GB LUNs [root@server ~]# pvscan -v Wiping cache of LVM-capable devices Wiping internal VG cache Walking through all physical volumes PV /dev/sdb1 VG vgdata lvm2 [50.00 GB / 0 free] PV /dev/sdc1 VG vgdata lvm2 [256.00 GB / 0 free] PV /dev/sdd1 VG vgdata lvm2 [256.00 GB / 0 free] PV /dev/sde1 VG vgdata lvm2 [256.00 GB / 0 free] PV /dev/sdf1 VG vgdata lvm2 [256.00 GB / 0 free] PV /dev/sdg ...
Post a Comment
Read more

Dell Linux - OMSA Hardware Monitoring

Just getting started using Dell's OpenManage Server Administrator (OMSA) on our Oracle Linux platform. There are some confusing instructions going around so it's not immediately clear what to do, hence my blogging here. :) There is a site on Dell - Hardware Monitoring , as well as a wiki with instruction on how to setup their OMSA tooling using yum or up2date. [update]My first update for their instructions: be sure your server has Internet access, as most servers will use a proxy or so. use export http_proxy=http://yourproxy.example.com:port to configure it just for the session, and setup up2date to use an HTTP proxy by editing the settings in /etc/sysconfig/rhn/up2date .
2 comments
Read more