02-01-2014
Single ldap account, different passwords?
Is it possible, either by software solution or configuration, to provision a single user account that has different passwords depending on what group of servers it is attempting to connect to?
We have a dev, sit, uat, and production environment. They want to be able to set passwords in dev for specific users, differently than they would be in production... This is a service account used by applications only. My initial suggestion was to create service accounts locally, and provision the access to users via sudo. That solution isn't gaining much traction yet, so any idea would be appreciated. Thanks in advance.
2 More Discussions You Might Find Interesting
1. AIX
With an account that uses "Login AUTHENTICATION GRAMMAR" = "LDAP", I get this when trying to enable 16 MB page support:
-bash-3.00# chuser capabilities=CAP_BYPASS_RAC_VMM,CAP_PROPAGATE trbld
Error changing "capabilities" to "CAP_BYPASS_RAC_VMM,CAP_PROPAGATE" : Value is invalid.
I also tried... (1 Reply)
Discussion started by: mdyeager
1 Replies
2. UNIX for Dummies Questions & Answers
Hi
I am currently using saslauthd to authenticate users onto an imap server (cyrus).
I need to have it so that a user can logon to an account with multiple passwords (even just two would work). Is this at all possible within linux?
Right now I am using the shadow file for authentication with... (2 Replies)
Discussion started by: duonut
2 Replies
LEARN ABOUT SUSE
lppasswd
lppasswd(1) Apple Inc. lppasswd(1)
NAME
lppasswd - add, change, or delete digest passwords.
SYNOPSIS
lppasswd [ username ]
lppasswd -a [ -g groupname ] username
lppasswd -x username
DESCRIPTION
lppasswd adds, changes, or deletes passwords in the CUPS digest password file, passwd.md5. When run by a normal user, lppasswd will prompt
for the old and new passwords. When run by the super-user, lppasswd can add new accounts (-a username), change existing accounts (user-
name), or delete accounts (-x username) in the digest password file. Digest usernames do not have to match local UNIX usernames.
OPTIONS
lppasswd supports the following options:
-g groupname
Specifies a group other than the default system group.
SECURITY ISSUES
By default, the lppasswd program is not installed to allow ordinary users to change their passwords. To enable this, the lppasswd command
must be made setuid to root with the command:
chmod u+s lppasswd
While every attempt has been made to make lppasswd secure against exploits that could grant super-user privileges to unprivileged users,
paranoid system administrators may wish to use Basic authentication with accounts managed by PAM instead.
SEE ALSO
lp(1), lpr(1),
http://localhost:631/help
COPYRIGHT
Copyright 2007-2009 by Apple Inc.
22 February 2008 CUPS lppasswd(1)