Re: LDAP and NIS

From: John Jolet (john.jolet@FXFN.COM)
Date: Tue Nov 18 2003 - 15:59:09 EST


maybe someone else on this list can answer that question. We haven't tested 5.2 yet, so haven't tested pam. If you want to set up a master nis server that's fed from ldap, I can speak to that.

-----Original Message-----
From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of cbaker@GOODYEAR.COM
Sent: Tuesday, November 18, 2003 2:38 PM
To: aix-l@Princeton.EDU
Subject: Re: LDAP and NIS
Importance: High

John,

This sounds great....but how do I do it? If I wanted to try it, what do
I have to do to change a RS/6K that is (was) an NIS client so that it now
goes to an LDAP server and verifies a password as right? Got a white paper
or something that gives the commands to set up "pam"?

Christopher M. Baker
Goodyear Tire and Rubber Company

From: John Jolet <john.jolet@FXFN.COM>
Sent by: IBM AIX Discussion List <aix-l@Princeton.EDU>
11/18/2003 01:24 PM
To: aix-l@Princeton.EDU
cc: (bcc: Chris Baker/NA/GDYR)
Subject: Re: LDAP and NIS
Please respond to IBM AIX Discussion List

pluggable authentication modules...that's what linux and, to a lesser
extent, solaris use. basically, the os authenticates to pam, which (as the
name suggests) has methods that plug into it. these methods can be
"required" or "sufficient". for instance, i can require you to either have
BOTH a password locally and a password in ldap, OR just a biometric method.
you can stack the methods. at that point the os doesn't care how you
really authenticate.

-----Original Message-----
From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of cbaker@GOODYEAR.COM
Sent: Tuesday, November 18, 2003 12:05 PM
To: aix-l@Princeton.EDU
Subject: Re: LDAP and NIS
Importance: High

pam?

Christopher M. Baker
Goodyear Tire and Rubber Company

From: John Jolet <john.jolet@FXFN.COM>
Sent by: IBM AIX Discussion List <aix-l@Princeton.EDU>
11/18/2003 11:47 AM
To: aix-l@Princeton.EDU
cc: (bcc: Chris Baker/NA/GDYR)
Subject: Re: LDAP and NIS
Please respond to IBM AIX Discussion List

if you're running 5.2, there is pam for aix now. what i did on my 4.3.3
systems was write a perl script to populate my map sources from ldap and
just authenticate via nis on the boxes that wouldn't do ldap. but it was
all backed by ldap

-----Original Message-----
From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of cbaker@GOODYEAR.COM
Sent: Tuesday, November 18, 2003 9:44 AM
To: aix-l@Princeton.EDU
Subject: LDAP and NIS
Importance: High

We are an NIS shop. Want to authenticate users via LDAP now rather than
the NIS password maps. We have an LDAP server. It is presently RedHat 9
running OpenLDAP.

Can I have users logging into AIX systems (local and remotely) using LDAP
as their only auth. method?

How do I do that? What do I switch?

If there are users who are not in the LDAP system, can I still auth those
via a much smaller NIS password map?

Thanks,

Christopher M. Baker
Goodyear Tire and Rubber Company
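
The "required"/"sufficient" stacking described in the thread above, as an added example that is not part of any poster's message: a small Python model of how Linux-PAM combines those two control flags for an auth stack. The stack text is constructed, `pam_biometric_example.so` is a hypothetical module name, and `parse_stack`/`authenticate` are names chosen for this illustration.

```python
# Constructed pam.d-style auth stack for the policy in the thread:
# biometric alone, OR local password AND LDAP password.
# pam_biometric_example.so is a hypothetical module name.
STACK = """
auth  sufficient  pam_biometric_example.so
auth  required    pam_unix.so
auth  required    pam_ldap.so use_first_pass
"""

def parse_stack(text):
    """Return [(control, module)] for each 'auth' line."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "auth":
            entries.append((fields[1], fields[2]))
    return entries

def authenticate(stack, results):
    """Combine per-module verdicts (module -> bool) into one decision."""
    required_failed = False
    any_success = False
    for control, module in stack:
        ok = results.get(module, False)  # a module with no verdict counts as failed
        if control == "sufficient":
            if ok and not required_failed:
                return True  # success here ends the stack; later lines never run
            # a failed "sufficient" module is ignored
        elif control == "required":
            if ok:
                any_success = True
            else:
                required_failed = True  # remember the failure, keep running the stack
        else:
            raise ValueError("control flag not modelled: " + control)
    return any_success and not required_failed

if __name__ == "__main__":
    stack = parse_stack(STACK)
    for verdicts in (
        {"pam_biometric_example.so": True},
        {"pam_unix.so": True, "pam_ldap.so": True},
        {"pam_unix.so": True, "pam_ldap.so": False},
    ):
        print(verdicts, "->", authenticate(stack, verdicts))
```

Line order is part of the policy: with the `sufficient` line moved below the two `required` lines, a biometric success no longer bypasses the password checks.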


