Linux’s multi-user nature is very helpful in many situations. Universities often have public terminals at which students, faculty, and staff may work; Web servers, mail servers, file servers, and other servers usually have multiple users; and even personal computers at home may be shared by multiple users. Linux allows one or more users to share the same hardware simultaneously. In many of these environments, though, a problem arises: How do you manage the accounts for multiple users on multiple computers?
Managing many users on a single computer is easy — you can use Linux’s useradd, usermod, and passwd utilities, among other tools. But as the number of computers grows, administering user accounts becomes increasingly tedious and error-prone. Imagine trying to keep the accounts of hundreds or thousands of users synchronized across hundreds of computers!
Fortunately, Unix systems (and hence Linux) have long supported network authentication tools, such as the Network Information Service (NIS) and Kerberos. These tools enable all the computers on a network to authenticate against a user database maintained by a single computer (possibly with backups). Such an approach greatly simplifies account maintenance on networks with more than a handful of computers.
In recent years, another tool has become increasingly popular for this task: the Lightweight Directory Access Protocol (LDAP). LDAP is much more than an authentication tool, but you can use it as nothing but an authentication protocol, if you like. Getting your feet wet with LDAP is also useful in cross-platform…