Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Sun
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: LDAP in Unix

from [Mike Siedelberg] Network Security [Permanent Link]
Subject: RE: LDAP in Unix
Date: Thu, 19 Oct 2006 12:10:04 -0400 
Yes, please, anyone have instructions for running LDAP clients on AIX 
(5.2, 5.3) and Solaris (8,9), using Novell Edir servers?  We are having 
problems with the AIX pam module to start with.

Thanks in advance,


Mike Siedelberg
Jackson National Life Insurance-IT Security
Desk Phone 517-367-3546
Cell Phone 517-230-0922




"Robert V. Coward/CTR/OSAGWI" <Robert.Coward.CTR@deploymenthealth.osd.mil> 

Sent by: listbounce@securityfocus.com
10/19/2006 08:14 AM

To
Glenn.Pitcher@MedImpact.com, dubaisans@gmail.com, 
focus-sun@securityfocus.com
cc

Subject
RE: LDAP in Unix






Are there any instructions on making this work with MS Active Directory. I
really would like to do this at my own site, but I have been having a hard
time finding documentation on making this work with SSH, and then
connecting it to MS AD. The MS AD part just makes life easier for me, but
it really is not necessary. Any information on setting this up would be
greatly appreciated.

Robert

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Glenn Pitcher
Sent: Tuesday, October 17, 2006 21:15
To: dubaisans dubai; focus-sun@securityfocus.com
Subject: RE: LDAP in Unix

Yes, you're on the right track.  I use the Sun LDAP server for users on
Solaris and AIX.  If you want to limit which hosts a user can access,
you can add the 'host' attribute for each system you want a user to log
into.  If you'd like to go this route, then you'll use the standard pam
ldap module for authorization but you'll have to get it compiled for the
Solaris side.  You'll also need to make changes to the Solaris
/etc/pam.conf file.

You can also use the pam_mkhomedir module to automatically create a
user's home directory when they first logon to a system.

And like the other people said, you will need to still maintain a local
passwd and shadow file though they'll be used only for system accounts
like 'root'.

----
Glenn Pitcher
Security Engineer
MedImpact Healthcare Systems, Inc.
San Diego, CA
glenn dot pitcher at medimpact.com 



-----Original Message-----
From: listbounce@securityfocus.com 
[mailto:listbounce@securityfocus.com] On Behalf Of dubaisans dubai
Sent: Wednesday, September 27, 2006 12:57 AM
To: focus-sun@securityfocus.com
Subject: LDAP in Unix


I have 100 + unix servers primarily Linux and solaris.

I am new to LDAP.

I would like to use Sun ONE Directory server and centralise the user

creation. Once I have LDAP based Directory server  is the 
following true?

1. Whenever a new user has to be created I will create on the SunOne

server and say it is valid only on this host(s).There is no 
need to create the user at the host

2. There is no /etc/passwd and  /etc/shadow files on the 
individual hosts

anymore or they are not of any importance. All the passwords are

stored only in the Directory server.

3. As a later stage I would like to give RSA securID 
authentication to selected set of high privilege users.

Is LDAP and Sun one the right direction?




--------------------------------------------------------------------------
----------------------------------------------
This transmission, together with any attachments, is intended only for the
use of those to whom it is addressed and may contain information that is
privileged, confidential, and exempt from disclosure under applicable law.
If you are not the intended recipient, you are hereby notified that any
distribution or copying of this transmission is strictly prohibited.  If
you received this transmission in error, please notify the original sender
immediately and delete this message, along with any attachments, from your
computer.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Securing Solaris 10, Glenn Brunette
Next by Date:  Re: Securing Solaris 10, roescue
Previous by Thread:  RE: LDAP in Unix, Robert V. Coward/CTR/OSAGWI
Next by Thread:  Detecting Brute-Force and Dictionary attacks, Shashi Kanth Boddula
Indexes:  [Date] [Thread] [Top] [All Lists]