Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: LDAP - sanity check
Special Forums Cybersecurity LDAP - sanity check Post 302595463 by oly_r on Friday 3rd of February 2012 08:18:15 AM
Old 02-03-2012
LDAP - sanity check
I have recently changed jobs and where i used to work we had kerberos. Here they have nothing resembling central password management or Network Authentication. I have started looking at LDAP but wonder if that is a good choice. we have a solaris/centos environment (no windows whoo hooo) with 4 admin types. Currently each of the systems has a local password and is a bear to try and get passwords changed.

I've never set up LDAP so would also appreciate any recommendations.
 

8 More Discussions You Might Find Interesting

1. Debian

./configure is broken - /lib/cpp fails sanity check

Hi, I first wanted to install my NIC drivers but it said: Makefile:62: *** Linux kernel source not found. Stop. So I installed the kernel source: linux-source-2.6.18_2.6.18.dfsg.1-13etch5_all.deb 1) cd /usr/src 2) -xjvf linux-source.2.6.18.extension (forget what it was) 3) ln -s... (12 Replies)
Discussion started by: Virtuality
12 Replies

2. UNIX for Advanced & Expert Users

*** [Gentoo] sanity check failed! ***

I faced the following error while configuring the spine for cacti. Can any one help me to sort out this problem: hecking how to run the C++ preprocessor... g++ -E checking for g77... g77 checking whether we are using the GNU Fortran 77 compiler... yes checking whether g77 accepts -g... yes... (1 Reply)
Discussion started by: praveen_b744
1 Replies

3. Solaris

lib/cpp fails sanity check

I'm trying to install a new library for php but everytime I run configure I got the following error "lib/cpp" fails sanity check. My OS is solaris 10 Any help on how to solve this issue would be highly appreciated (3 Replies)
Discussion started by: dahr
3 Replies

4. UNIX for Advanced & Expert Users

Check EOF char in Unix. OR To check file has been received completely from a remote system

Advance Thanks. (1) I would like to know any unix/Linux command to check EOF char in a file. (2) Or Any way I can check a file has been reached completely at machine B from machine A. Note that machine A ftp/scp the file to machine B at unknown time. (5 Replies)
Discussion started by: alexalex1
5 Replies

5. UNIX for Advanced & Expert Users

something like LDAP Administrator 2011.1 "LDAP-SQL" but for the CLI

Hi I am searching a tool like "LDAP Administrator 2011.1"/ "LDAP-SQL" but for the CLI. Wish to use LDAP-SQL in scripts (non Windows GUI environment) http://ldapadministrator.com/resources/english/2011.1/images/sqlquery_large.png Softerra LDAP Administrator 2011.1 - What's New OS is... (2 Replies)
Discussion started by: slashdotweenie
2 Replies

6. Shell Programming and Scripting

Perl code to check date and check files in particular dir

Hi Experts, I am checking how to get day in Perl. If it is “Monday” I need to process…below is the pseudo code. Can you please prove the code for below condition. if (today=="Monday" ) { while (current_time LESS THAN 9:01 AM) ... (1 Reply)
Discussion started by: ajaypatil_am
1 Replies

7. Cybersecurity

iptables rule sanity check?

why would: iptables -A INPUT -s 180.0.0.0/8 -j DROP along with /etc/hosts.deny rule of ALL: 180.0.0.0/8 not stop traffic to/from 180.x.x.x, which I still see by running iftop? Or could iftop just be showing an artifact and is there a better way to monitor connections real-time? (3 Replies)
Discussion started by: unclecameron
3 Replies

8. Solaris

LDAP Client not connecting to LDAP server

I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful. The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Discussion started by: solaris_1977
9 Replies

LEARN ABOUT REDHAT

kas_setpassword

KAS_SETPASSWORD(8)					       AFS Command Reference						KAS_SETPASSWORD(8)

NAME

       kas_setpassword - Changes the key field in an Authentication Database entry

SYNOPSIS

       kas setpassword -name <name of user>
	   [-new_password <new password>] [-kvno <key version number>]
	   [-admin_username <admin principal to use for authentication>]
	   [-password_for_admin <admin password>] [-cell <cell name>]
	   [-servers <explicit list of authentication servers>+]
	   [-noauth] [-help]

       kas setpasswd -na <name of user> [-ne <new password>]
	   [-k <key version number>]
	   [-a <admin principal to use for authentication>]
	   [-p <admin password>] [-c <cell name>]
	   [-s <explicit list of authentication servers>+] [-no] [-h]

       kas setp -na <name of user> [-ne <new password>]
	   [-k <key version number>]
	   [-a <admin principal to use for authentication>]
	   [-p <admin password>] [-c <cell name>]
	   [-s <explicit list of authentication servers>+] [-no] [-h]

       kas sp -na <name of user> [-ne <new password>]
	   [-k <key version number>]
	   [-a <admin principal to use for authentication>]
	   [-p <admin password>] [-c <cell name>]
	   [-s <explicit list of authentication servers>+] [-no] [-h]

DESCRIPTION

       The kas setpassword command accepts a character string of unlimited length, scrambles it into a form suitable for use as an encryption key,
       places it in the key field of the Authentication Database entry named by the -name argument, and assigns it the key version number
       specified by the -kvno argument.

       To avoid making the password string visible at the shell prompt, omit the -new_password argument. Prompts then appear at the shell which do
       not echo the password visibly.

       When changing the afs server key, also issue bos addkey command to add the key (with the same key version number) to the
       /etc/openafs/server/KeyFile file. See the OpenAFS Administration Guide for instructions.

       The command interpreter checks the password string subject to the following conditions:

       o   If there is a program called kpwvalid in the same directory as the kas binary, the command interpreter invokes it to process the
	   password. For details, see kpwvalid(8).

       o   If the -reuse argument to the kas setfields command has been used to prohibit reuse of previous passwords, the command interpreter
	   verifies that the password is not too similar too any of the user's previous 20 passwords. It generates the following error message at
	   the shell:

	      Password was not changed because it seems like a reused password

	   To prevent a user from subverting this restriction by changing the password twenty times in quick succession (manually or by running a
	   script), use the -minhours argument on the kaserver initialization command. The following error message appears if a user attempts to
	   change a password before the minimum time has passed:

	      Password was not changed because you changed it too
	      recently; see your systems administrator

OPTIONS

       -name <name of user>
	   Names the entry in which to record the new key.

       -new_password <new password>
	   Specifies the character string the user types when authenticating to AFS. Omit this argument and type the string at the resulting
	   prompts so that the password does not echo visibly. Note that some non-AFS programs cannot handle passwords longer than eight
	   characters.

       -kvno <key version number>
	   Specifies the key version number associated with the new key.  Provide an integer in the range from 0 through 255. If omitted, the
	   default is 0 (zero), which is probably not desirable for server keys.

       -admin_username <admin principal>
	   Specifies the user identity under which to authenticate with the Authentication Server for execution of the command. For more details,
	   see kas(8).

       -password_for_admin <admin password>
	   Specifies the password of the command's issuer. If it is omitted (as recommended), the kas command interpreter prompts for it and does
	   not echo it visibly. For more details, see kas(8).

       -cell <cell name>
	   Names the cell in which to run the command. For more details, see kas(8).

       -servers <authentication servers>+
	   Names each machine running an Authentication Server with which to establish a connection. For more details, see kas(8).

       -noauth
	   Assigns the unprivileged identity "anonymous" to the issuer. For more details, see kas(8).

       -help
	   Prints the online help for this command. All other valid options are ignored.

EXAMPLES

       In the following example, an administrator using the "admin" account changes the password for "pat" (presumably because "pat" forgot the
       former password or got locked out of his account in some other way).

	  % kas setpassword pat
	  Password for admin:
	  new_password:
	  Verifying, please re-enter new_password:

PRIVILEGE REQUIRED

       Individual users can change their own passwords. To change another user's password or the password (server encryption key) for server
       entries such as "afs", the issuer must have the "ADMIN" flag set in his or her Authentication Database entry.

SEE ALSO

       bos_addkey(8), kas(8), kaserver(8), kpwvalid(8)

COPYRIGHT

       IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

       This documentation is covered by the IBM Public License Version 1.0.  It was converted from HTML to POD by software written by Chas
       Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.

OpenAFS 							    2012-03-26							KAS_SETPASSWORD(8)
All times are GMT -4. The time now is 04:53 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy