04-12-2008
re: LDAP
If you have multiple servers and require a central sign-on method across all servers, then LDAP makes your life a lot easier. You only have one repository of user accounts (and passwords) that all configured servers authenticate against. You can store other details within the LDAP (Microsoft's Active Directory is an example of LDAP and what it can store).
As such, LDAP itself doesn't really provide any more security than a system which is configured for local user accounts - its main benefit is in reducing the amount of time required to administer multiple servers.
You configure your server to authenticate with LDAP first, but your system still needs to authenticate locally in case network issues cause connection problems with your LDAP server.
Without knowing what O/S your server is running, it's a little hard to provide more detail. And LDAP installation and configuration, whilst not too difficult, is still not a quick and simple task. There are plenty of tutorials on the web - there's sure to be one for your specific system.
Hope this helps a little..
Last edited by melias; 04-12-2008 at 08:54 AM..
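The point in the post above about authenticating against LDAP first while keeping local authentication available can be checked on a host. The script below is an added example, not part of the original post: it assumes a Linux-PAM system using the modules pam_ldap.so and pam_unix.so, and the sample stack and the names sample_stack and check_fallback are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a PAM stack keeps a local fallback next to LDAP.

# Constructed sample stack (not taken from the thread).
sample_stack() {
cat <<'EOF'
# /etc/pam.d/system-auth (constructed)
auth     required    pam_env.so
auth     sufficient  pam_ldap.so
auth     sufficient  pam_unix.so try_first_pass
auth     required    pam_deny.so
account  required    pam_unix.so
EOF
}

# check_fallback TYPE   (PAM configuration is read from stdin)
# Prints one verdict for the given management group (auth, password, ...):
#   ok                 LDAP and local modules present, LDAP failure is not fatal
#   no-ldap            no pam_ldap.so line of that type
#   no-local           LDAP only: an unreachable directory locks everyone out
#   ldap-blocks-local  pam_ldap.so is required/requisite ahead of pam_unix.so,
#                      so its failure fails the stack before local auth counts
# Limitation: "include" and "substack" lines are not followed.
check_fallback() {
    awk -v want="$1" '
        $1 ~ /^#/ || NF < 3 { next }
        {
            t = $1; sub(/^-/, "", t)          # "-auth" is a valid type prefix
            if (t != want) next
            mod = ""                          # module is the first *.so field,
            for (i = 3; i <= NF; i++)         # which also copes with [a=b c=d]
                if ($i ~ /\.so$/) { mod = $i; break }
            if (mod ~ /pam_ldap\.so$/ && !ldap) { ldap = NR; ctl = $2 }
            if (mod ~ /pam_unix\.so$/ && !loc)  { loc = NR }
        }
        END {
            if (!ldap)      print "no-ldap"
            else if (!loc)  print "no-local"
            else if (ldap < loc && (ctl == "required" || ctl == "requisite"))
                            print "ldap-blocks-local"
            else            print "ok"
        }'
}

# Stand-alone run against the constructed sample.
sample_stack | check_fallback auth
```

On a real host, feed it the file that holds the stack, for example `check_fallback auth < /etc/pam.d/system-auth`, where the path depends on the distribution.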
PAM_CHAUTHTOK(3) Linux-PAM Manual PAM_CHAUTHTOK(3)
NAME
pam_chauthtok - updating authentication tokens
SYNOPSIS
#include <security/pam_appl.h>
int pam_chauthtok(pam_handle_t *pamh, int flags);
DESCRIPTION
The pam_chauthtok function is used to change the authentication token for a given user (as indicated by the state associated with the
handle pamh).
The pamh argument is an authentication handle obtained by a prior call to pam_start(). The flags argument is the binary or of zero or more
of the following values:
PAM_SILENT
Do not emit any messages.
PAM_CHANGE_EXPIRED_AUTHTOK
This argument indicates to the modules that the user's authentication token (password) should only be changed if it has expired. If this
argument is not passed, the application requires that all authentication tokens are to be changed.
RETURN VALUES
PAM_AUTHTOK_ERR
A module was unable to obtain the new authentication token.
PAM_AUTHTOK_RECOVERY_ERR
A module was unable to obtain the old authentication token.
PAM_AUTHTOK_LOCK_BUSY
One or more of the modules was unable to change the authentication token since it is currently locked.
PAM_AUTHTOK_DISABLE_AGING
Authentication token aging has been disabled for at least one of the modules.
PAM_PERM_DENIED
Permission denied.
PAM_SUCCESS
The authentication token was successfully updated.
PAM_TRY_AGAIN
Not all of the modules were in a position to update the authentication token(s). In such a case none of the user's authentication
tokens are updated.
PAM_USER_UNKNOWN
User unknown to password service.
SEE ALSO
pam_start(3), pam_authenticate(3), pam_setcred(3), pam_get_item(3), pam_strerror(3), pam(8)
Linux-PAM Manual 09/19/2013 PAM_CHAUTHTOK(3)