01-29-2010
Your opening question was about avoiding maintaining admin users in 100+ servers by centralizing their accounts on a LDAP directory, AD in your case. Choosing to maintain the user attributes on each of these servers while it is possible to have this table stored on a single location is, in my opinion, not the best solution.
9 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
All newly created Aix5 users are forced to change password first time when they log in. We know removing the ADMCHG flag in passwd file will not prompt the user for change password. But we are trying to figure out the similar solution if the user is created as a LDAP user ?. Any help?
Thanks... (0 Replies)
Discussion started by: vipas
0 Replies
2. UNIX for Advanced & Expert Users
hi,
is it possible to link users on a LDAP-Server from one container to another?
we have two trees, one for AIX and one for solaris-linux
but we have a few users in both trees, they should have the same password and a password change must affect both entries
we use IBM Directory Server... (3 Replies)
Discussion started by: funksen
3 Replies
3. Linux
Any way to find the ldap users currently logged into the clinets ? I am using Openldap with NFS for home directory mounts. (0 Replies)
Discussion started by: nitin09
0 Replies
4. AIX
Hi All,
i would like to know if it's possible to create a new custom role on HMC to manage only one LPAR and few activity on it (START,STOP,CONSOLE).
It's possible create this custom role?
If yes where i can read something about?
Thanks in advance.
Bye.
Zio (1 Reply)
Discussion started by: Zio Bill
1 Replies
5. Linux
Need to find the ldap id's of all the users in my organizations... is there any command??? (0 Replies)
Discussion started by: Syed Imran
0 Replies
6. AIX
Hello everyone, I am having trouble with something, and I can't find the right answer online. On our company, we are using LDAP Authentication with Active Directory (Windows 2008 Servers) to have a centralized management of AIX 7.1 users.
So far so good, but now, we want to implement RBAC on... (7 Replies)
Discussion started by: Janpol
7 Replies
7. UNIX and Linux Applications
I have these two table. How do I see if user roles and system roles are seperated?
SQL> desc DBA_ROLES;
Name Null? Type
----------------------------------------- -------- ----------------------------
ROLE NOT NULL... (1 Reply)
Discussion started by: alvinoo
1 Replies
8. Solaris
I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful.
The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies
9. Solaris
Oracle Solaris 10 9/10 s10s_u9wos_14a SPARC
Hi, just starting with RBAC. I have managed to create a test user with assigned roles:
Basic Actions
Basic Solaris UserI also didroleadd -d /export/home/userrole -m userrolebut when I didrolemod -P "Basic Actions" userrole
rolemod -P "Basic... (1 Reply)
Discussion started by: rino19ny
1 Replies
LEARN ABOUT OSF1
kas_unlock
KAS_UNLOCK(8) AFS Command Reference KAS_UNLOCK(8)
NAME
kas_unlock - Unlocks a locked user account
SYNOPSIS
kas unlock -name <authentication ID>
[-admin_username <admin principal to use for authentication>]
[-password_for_admin <admin password>] [-cell <cell name>]
[-servers <explicit list of authentication servers>+]
[-noauth] [-help]
kas u -na <authentication ID>
[-a <admin principal to use for authentication>]
[-p <admin password>] [-c <cell name>]
[-s <explicit list of authentication servers>+] [-no] [-h]
DESCRIPTION
The kas unlock command unlocks the Authentication Database entry named by the -name argument. An entry becomes locked when the user exceeds
the limit on failed authentication attempts, generally by providing the wrong password to either an AFS-modified login utility or the klog
command. Use the kas setfields command to set the limit and the lockout time, and the kas examine command to examine the settings.
To unlock all locked user accounts at once, shutdown the kaserver process on every database server machine, and remove the
/var/lib/openafs/local/kaauxdb file from each one. The kaserver process recreates the file as it restarts.
OPTIONS
-name <authentication ID>
Names the Authentication Database entry to unlock.
-admin_username <admin principal>
Specifies the user identity under which to authenticate with the Authentication Server for execution of the command. For more details,
see kas(8).
-password_for_admin <admin password>
Specifies the password of the command's issuer. If it is omitted (as recommended), the kas command interpreter prompts for it and does
not echo it visibly. For more details, see kas(8).
-cell <cell name>
Names the cell in which to run the command. For more details, see kas(8).
-servers <authentication servers>+
Names each machine running an Authentication Server with which to establish a connection. For more details, see kas(8).
-noauth
Assigns the unprivileged identity "anonymous" to the issuer. For more details, see kas(8).
-help
Prints the online help for this command. All other valid options are ignored.
EXAMPLES
In the following example, an administrator using the "admin" account unlocks the entry for "jones":
% kas unlock -name jones -admin_username admin
Administrator's (admin) Password:
PRIVILEGE REQUIRED
The issuer must have the "ADMIN" flag set on his or her Authentication Database entry.
SEE ALSO
kas(8), kas_examine(8), kas_setfields(8), klog(1)
COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas
Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
OpenAFS 2012-03-26 KAS_UNLOCK(8)