Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Sun
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: LDAP in Unix

from [jm] Network Security [Permanent Link]
Subject: Re: LDAP in Unix
Date: Fri, 29 Sep 2006 09:59:04 +1000
Stephen Booth wrote:
listbounce@securityfocus.com wrote on 27/09/2006 08:57:25:
2. There is no /etc/passwd and /etc/shadow files on the individual
hosts
anymore or they are not of any importance. All the passwords are
stored only in the Directory server.

Those files are still there and can still be used. As well as your LDAP users (i.e. those whose details are held in the LDAP directory) you'll have local users whose details are stored in the local files. You can specify what order they are checked in using the nsswitch.conf file, you always want the /etc/passwd file to be used in case the machine cannot get a connection to the LDAP server. Generally if a user has an entry in the LDAP directory then you wouldn't want them to be in the /etc/passwd file and visa versa. Obviously the root user has to be /etc/passwd file as you're likely to need that before the network comes up or if you lose connection to the LDAP server (e.g. network outage, LDAP is down, migrating subnets &c).

Stephen


To reduce the risk of being unable to connect to the LDAP server, setup 2 (or more) servers and configure replication, this is *really* simple with SunONE DS (point-and-click easy).

--jason

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: LDAP in Unix, Freeman, Michael
Previous by Thread:  Re: LDAP in Unix, Stephen Booth
Next by Thread:  RE: LDAP in Unix, Freeman, Michael
Indexes:  [Date] [Thread] [Top] [All Lists]