
Re: Kerberos+LDAP+NIS?



On Thursday 21 July 2005 05:21 am, Nils Erik Svangård wrote:
> Hi!
> Great answer! I will work with this and see if I can get it working.
> Regarding the setup, it's not really finished I think. They haven't
> investigated how and what information should be stored on the LDAP, I
> know for sure that the uid is stored there but other stuff needed for
> a working login on Linux isn't there, like default shell.
> I think that if I can set a default shell on login I guess I could use
> LDAP/kerberos + automount and get the same result that I currently get
> with NIS/Kerberos. All the users are on the same NFS export I think,
> so it won't require that much automount magic. And I just checked on
> the LDAP, there is an unused field called NFS home, so if I fill in the
> correct parameter like filerserver.ltu.se:/home/nisse in that I could
> automount that.
> Do you think that's a workable alternative?
> The problem is that there is no shell information and I am not 100% sure
> that the unix id in LDAP is the same as in NIS (it should be, and the
> NIS one should be changed if it differs).
> /nisse
>
> On 7/20/05, Ryan Schultz <schultz.ryan@gmail.com> wrote:
> > On Wednesday 20 July 2005 02:41 pm, Nils Erik Svangård wrote:
> > > I can't! I don't have the authority to do that.
> > > I have set up NIS which authenticates via the Kerberos server. I guess
> > > it would be easiest to just add a group in NIS but LDAP is the future
> > > and there are such nice GUIs.
> snip <

Just so you know, you can store everything needed for login and then some in 
LDAP. Here's an example, this is the result of an ldapsearch for my name:

# rschultz, users, schultz.local
dn: uid=rschultz,ou=users,dc=schultz,dc=local
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: rschultz
cn: Ryan Schultz
sn: Schultz
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/rschultz
loginShell: /usr/bin/zsh
mail: rschultz@telemachus.schultz.local

There's no password info and such because pam_krb5 handles that.

However, addressing your main question, I don't know anything at all about NFS 
automounting :-(  Maybe someone else can help you more. Give the LDAP NFS 
home option a shot, it should work like advertised. I wouldn't worry too much 
about shell information until you get everything working, since I think it 
will just default to bash if no shell info is available.

-- 
Ryan Schultz
-> floating point exception: divide by cucumber
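
The thread raises two checks worth doing before moving logins from NIS to LDAP: whether each LDAP entry carries the attributes a login needs, and whether its uidNumber matches the NIS uid (NFS file ownership follows the numeric uid, so a mismatch hands files to the wrong account). The following is an added example, not part of the original message; the function names, the "alice" entry and the NIS passwd lines are constructed for illustration.

```python
# Attributes the passwd lookup needs for a login (lower-cased);
# loginShell is optional in the posixAccount class (RFC 2307).
REQUIRED = ("uid", "uidnumber", "gidnumber", "homedirectory")

def parse_ldif(text):
    """Parse ldapsearch LDIF into dicts: lower-cased attribute -> list of values.
    Base64 ("attr:: ...") values are kept encoded; the audit does not need them."""
    entries, cur = [], {}
    # A newline followed by one space is an LDIF line fold; join it first.
    for line in text.replace("\n ", "").splitlines() + [""]:
        if not line.strip():                     # blank line ends an entry
            if cur:
                entries.append(cur)
            cur = {}
        elif ":" in line and not line.startswith("#"):
            key, _, val = line.partition(":")
            cur.setdefault(key.strip().lower(), []).append(val.strip())
    return entries

def parse_passwd(text):
    """Parse passwd-format lines (e.g. from `ypcat passwd`) into name -> uid."""
    rows = (line.split(":") for line in text.splitlines())
    return {f[0]: int(f[2]) for f in rows if len(f) == 7}

def audit(ldif_text, passwd_text):
    """Return (user, problem) pairs for incomplete or mismatched LDAP entries."""
    nis, findings = parse_passwd(passwd_text), []
    for e in parse_ldif(ldif_text):
        name = e.get("uid", ["?"])[0]
        findings += [(name, f"missing {a}") for a in REQUIRED if a not in e]
        if "loginshell" not in e:
            findings.append((name, "no loginShell"))
        num = e.get("uidnumber", [None])[0]
        if name in nis and num is not None and int(num) != nis[name]:
            findings.append((name, f"uidNumber {num} != NIS uid {nis[name]}"))
    return findings

# Constructed sample: the entry shown above plus an incomplete, mismatched one.
LDIF_SAMPLE = """dn: uid=rschultz,ou=users,dc=schultz,dc=local
uid: rschultz
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/rschultz
loginShell: /usr/bin/zsh

dn: uid=alice,ou=users,dc=example,dc=test
uid: alice
uidNumber: 2001
"""
NIS_SAMPLE = ("rschultz:x:1000:1000:Ryan Schultz:/home/rschultz:/usr/bin/zsh\n"
              "alice:x:1001:100:Alice:/home/alice:/bin/bash")
```

Calling `audit(LDIF_SAMPLE, NIS_SAMPLE)` reports nothing for rschultz and four problems for alice, including the uid mismatch.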
