SCIENTIFIC-LINUX-USERS Archives

February 2014

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From: David Sommerseth <[log in to unmask]>
Date: Mon, 17 Feb 2014 15:59:29 +0100

On 17/02/14 12:57, צביקה הרמתי wrote:
> Hi.
> 
> I want to have several hosts, sharing the same Users Accounts database.
> i.e, user "John" will be able to seamlessly login to host1 or to host2,
> without having to manually config "John"'s credentials unto each machine.
> Nothing more than that...
> 
> LDAP seems like the solution, however, I tried to find an easy tutorial
> and understood that maybe it's a little bit overkill for my humble
> requirements.
> 
> I've read about RH Identity Management
> (https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/index.html)
> It seemed interesting; but its DNS requirements are a little bit too
> complicated for scenario (having the IDM server's public IP properly
> configured DNS record).
> 
> Am I missing something?
> There must be simpler way...

Setting up LDAP isn't that hard actually.  If you add Kerberos, then it
gets a bit more complicated, however.

But if you've never set up LDAP before, it may be a bit daunting in the
beginning.  Anyhow, I've read "LDAP System Administration" by Gerald
Carter (O'Reilly) [1], where I learnt the basic principles of setting up
OpenLDAP servers and clients, how LDAP functions and it covers setting
up centralised user management.  It also covers how to migrate from
passwd/shadow/group to LDAP .... Also bear in mind that you can use the
same LDAP server for other purposes as well (by using a different base
(BaseDN) - if you don't mind the security aspect of this approach).

If you just get the server correctly configured, then enabling LDAP in
SL6 is fairly simple if you use authconfig, authconfig-gtk or
authconfig-tui.  Just point User Account Database and Authentication
Method to your LDAP server, and that's basically it.  Authconfig takes
care of updating the proper config files correctly.

However, if you set up this on computers which do not have any network
access before logging on (such as laptop with wifi) - then you might
want to have a look at SSSD [2] (Also present in SL6).  It's slightly
more complicated to configure, but it can enable functional
authentication caches.  Once SSSD is configured and running, setting
your system up to use SSSD, is done by running 'authconfig --enable-sssd
--enable-sssdauth'.


[1] <http://shop.oreilly.com/product/9781565924918.do>
[2] <https://docs.fedoraproject.org/en-US/Fedora/16/html/System_Administrators_Guide/chap-SSSD_User_Guide-Introduction.html>


--
kind regards,

David Sommerseth
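
An added example, not part of the original message: a minimal /etc/sssd/sssd.conf for the LDAP-with-cached-credentials setup described above. The domain name, server URI, base DN and CA bundle path are placeholders, and the TLS settings are there because SSSD will not authenticate against LDAP over an unencrypted connection.

```ini
# /etc/sssd/sssd.conf
# Must be owned by root with mode 0600, otherwise sssd refuses to start.

[sssd]
config_file_version = 2
services = nss, pam
# "example" is a placeholder domain name
domains = example

[domain/example]
id_provider = ldap
auth_provider = ldap

# Placeholder server and base DN: replace with your own
ldap_uri = ldaps://ldap.example.org
ldap_search_base = dc=example,dc=org

# Require a valid server certificate; do not relax this to "never" or "allow"
ldap_tls_reqcert = demand
# Assumed CA bundle location; point this at the CA that signed the LDAP server cert
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt

# Store a salted hash of the password locally so logins work without network
cache_credentials = True

[pam]
# Days a cached credential stays usable after the last successful online login
# (0 means no limit); a bound limits the exposure of a lost or stolen laptop
offline_credentials_expiration = 7
```

Once the file is in place and sssd is running, the authconfig command quoted in the message switches NSS and PAM over to it.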
