Difference between revisions of "Archive:Solaris Shell Service"

From Tardis
Jump to: navigation, search
(argolin)
Line 24: Line 24:
 
other  auth required          pam_ldap.so.1
 
other  auth required          pam_ldap.so.1
 
</pre>
 
</pre>
 +
 +
More information on [http://docs.sun.com/app/docs/doc/816-4556/6maort2sp?a=view the Sun directory guide] and the [http://docs.sun.com/app/docs/doc/816-5166/6mbb1kq6e?a=view ldapclient] and [http://docs.sun.com/app/docs/doc/816-5175/6mbba7f2g?a=view pam_ldap] manual pages.
  
 
== Issues ==
 
== Issues ==

Revision as of 21:03, 9 August 2007

argolin.xen.tardis.ed.ac.uk

  • OpenSSH
  • (Will be) Externally accessible
  • Runs in xen instance on wotan

Configuration

We need to get user information from the LDAP server and authenticate against it. The following set up the basic configuration:

ldapclient manual -a authenticationMethod=none \
-a defaultSearchBase=dc=tardis,dc=ed,dc=ac,dc=uk \
-a defaultServerList=193.62.81.2 \
-a serviceAuthenticationMethod=pam_ldap:simple

It appears that specifying the server as a host name isn't good enough; not sure why...

You then need to edit /etc/pam.conf to use the pam_ldap module. Entries such as

other   auth required            pam_unix_auth.so.1

to

other   auth binding            pam_unix_auth.so.1 server_policy
other   auth required           pam_ldap.so.1

More information on the Sun directory guide and the ldapclient and pam_ldap manual pages.

Issues

  • Not mounting homedirs off NFS yet.