listbounce@securityfocus.com wrote on 27/09/2006 08:57:25:
2. There is no /etc/passwd and /etc/shadow files on the individual
hosts
anymore or they are not of any importance. All the passwords are
stored only in the Directory server.
Those files are still there and can still be used. As well as your LDAP
users (i.e. those whose details are held in the LDAP directory) you'll
have local users whose details are stored in the local files. You can
specify what order they are checked in using the nsswitch.conf file, you
always want the /etc/passwd file to be used in case the machine cannot get
a connection to the LDAP server. Generally if a user has an entry in the
LDAP directory then you wouldn't want them to be in the /etc/passwd file
and visa versa. Obviously the root user has to be /etc/passwd file as
you're likely to need that before the network comes up or if you lose
connection to the LDAP server (e.g. network outage, LDAP is down,
migrating subnets &c).
Stephen
--
0121 303 6399
07795590508
***********************************************************************
The information contained in this e-mail (and any attachment) is confidential
and may be privileged. It is intended only for the named recipient or entity to
whom it is addressed. If you are not the intended recipient, please notify the
sender and delete the e-mail immediately. The contents of this e-mail must not
be disclosed, printed or copied without the sender's consent.
Any e-mail including its content may be monitored and used by Service
Birmingham Ltd for reasons of security and for monitoring internal compliance
with Security Policy.
Although Service Birmingham Ltd have made every reasonable effort to ensure
that this message or any attachment is virus free or has not been intercepted
and amended this cannot be guaranteed.
***********************************************************************
