12-19-2014
I want to centralize user authentication
Right now it is just a simple environment consisting of a small number of CentOS boxes, but I would like to set up central user authentication to make things easier, especially as we expand (I've already budgeted to triple our local infrastructure and we will be also expanding geographically to multiple regions internationally at some point next year).
Years ago, I remember NIS or NIS+ being the easiest thing in a pure Linux environment, but after some googling I'm finding that Open LDAP has replace it as the sort of "go to" for central user authentication in Linux?
Just wanted to see what other's opinions are, is there a particular "brand" of LDAP software that is preferred, or used more than others? Looking through the LDAP entry on Wikipedia I see quiet a lot of choices for server software, such as OpenLDAP, FreeIPA, 389 Directory server, etc etc.
Any/all opinions are welcome, I come from a primarily Microsoft background so I'm not used to having choices
10 More Discussions You Might Find Interesting
1. Solaris
Ok i need a little help...
I have 20 Solaris 8 machines and I would like to have these machines do user authentication through one machine acting as server instead of having to maintain a user list on every machine. What can I do to achieve this?
Thanks (3 Replies)
Discussion started by: meyersp
3 Replies
2. Shell Programming and Scripting
Hi All,
sftp -b script.txt <hostname>
user-authentication through non-interactive way is desired. But, its failing to do so.
Could anyone kindly advise.
Thanks for any/all help at the earliest.
Regards,
Dheeraj. (1 Reply)
Discussion started by: dheeruchakri
1 Replies
3. Forum Support Area for Unregistered Users & Account Problems
I recently registered, but never received the email with the instructions for authenticating my account. I confirmed my email in in the profile looks correct. I found and clicked the link to resend the authentication email. I clicked that link two days ago and I still don't have the email. It... (1 Reply)
Discussion started by: dwallace
1 Replies
4. Solaris
Hello, this is my first post, i´m trying to get some help on this issue.
I´m looking for a software product (maybe SUN or TIVOLI) that provide me help on doing administrative tasks involving solaris, aix , linux & HPUX machines. This tasks are user/password creation/modification, SSH rights,... (1 Reply)
Discussion started by: amedran
1 Replies
5. UNIX for Advanced & Expert Users
Hello, this is my first post, i´m trying to get some help on this issue.
I´m looking for a software product (maybe SUN or TIVOLI) that provide me help on doing administrative tasks involving solaris, aix , linux & HPUX machines. This tasks are user/password creation/modification, SSH rights,... (2 Replies)
Discussion started by: amedran
2 Replies
6. Red Hat
This is my first time configuring it, can someone give me advice on how you would config the architecture? For example, I'm stuck on the fail back issue. If my openldap box goes down, how do my users log in. I've heard of the following two options.
1 - create local user accounts ... ok but... (3 Replies)
Discussion started by: sdotsen
3 Replies
7. AIX
In /etc/security/user, we can set which authentication method we use for each user. for example:
test:
admin = false
rlogin = false
SYSTEM = "NONE"
I want to test whether SYSTEM=NONE (without ") is acceptable. How can I verify it? and How can we check which... (1 Reply)
Discussion started by: quanba
1 Replies
8. AIX
Hello everyone, hoping you can provide some incite with a little problem I'm having..
I have the LDAP client configured and running on my AIX 5.3 server, which is authenticating against an eDirectory LDAP server. I can login via LDAP no problems on the AIX server with newly created users,... (4 Replies)
Discussion started by: j_aix
4 Replies
9. Programming
Hi, all,
I am a newbie to linux authentication part.
Questions below really puzzle me:
How to authenticate users from local storage(passwd shadow) and nis server?
(Without PAM)
getpwnam_r() will return a '*' in the pw_passwd field of "struct passwd".
I can parse /etc/shadow. But how... (1 Reply)
Discussion started by: mythmgn
1 Replies
10. Shell Programming and Scripting
Hello all.. i am new to perl scripting.. i wanted to parse a text file, encode the parsed text and attach in url.. please point me to right resources if you know any..This is my major problem. Now i try to get a url running and save it in a text file using LWP module in perl, I used following... (0 Replies)
Discussion started by: empyrean
0 Replies
LEARN ABOUT HPUX
pam_authenticate
pam_authenticate(3) Library Functions Manual pam_authenticate(3)
NAME
pam_authenticate - perform authentication within the PAM framework
SYNOPSIS
[ flag ... ] file ... [ library ... ]
DESCRIPTION
is called to authenticate the current user. The user is usually required to enter a password or similar authentication token depending
upon the authentication service configured within the system. In the case of smart card authentication this token would be a (Personal
Identification Number). The user in question should have been specified by a prior call to or The following flags may be set in the flags
field:
Authentication service should not generate any messages
The authentication service should return
if the user has a null authentication token
APPLICATION USAGE
Refer to pam(3) for information on thread-safety of PAM interfaces.
NOTES
In the case of authentication failures due to an incorrect username or password, it is the responsibility of the application to retry and
to maintain the retry count. An authentication service module may implement an internal retry count and return an error if the module does
not want the application to retry.
If the PAM framework can not load the authentication module, then it will return This indicates a serious failure and that the application
should not attempt to retry the authentication.
For security reasons, the location of authentication failures is hidden from the user. Thus, if several authentication services are
stacked and a single service fails, requires that the user re-authenticate to all the services.
A null authentication token in the authentication database will result in successful authentication unless was specified. In such cases,
there will not be any prompting for the user to enter an authentication token.
The authentication can be done through a smart card. In this case the user plugs their smart card in the smart card reader and is required
to enter their smart card PIN.
RETURN VALUES
Upon successful completion, is returned. In addition to the error return values described in pam(3), the following values may be returned:
Authentication failure.
Can not access authentication data due to insufficient credentials.
Underlying authentication service can not retrieve authentication information.
User not known to the underlying authentication module.
An authentication service has maintained a retry count which
has been reached. No further retries should be attempted.
SEE ALSO
pam(3), pam_start(3), pam_open_session(3), pam_setcred(3).
pam_authenticate(3)