This month is the last part of a three-part series on using the Lightweight Directory Access Protocol (LDAP) to manage accounts for a network of users. (See Part One and Part Two.) The previous two columns covered basic LDAP configuration, migrating an existing Linux account database to LDAP, and managing accounts in an LDAP directory. This time, let’s look at how to configure LDAP clients. This process involves setting up the Name Service Switch (NSS) and Pluggable Authentication Modules (PAM) to use LDAP in addition to the local Linux authentication tools. (In theory, you could use LDAP exclusively; however, in most cases it’s best to have at least some accounts defined locally.)
You should review the previous two columns in this series to refamiliarize yourself with the terminology and procedures before proceeding with this month’s column. Ensure that your LDAP server is running; this month’s column requires that the LDAP server be operational. You will, however, be performing most of the actions described this month on other computers. (You can, if you like, configure the LDAP server computer as described here, simply to gain access to the LDAP account directory.)
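The NSS half of that client configuration comes down to the order of sources on the `passwd`, `group` and `shadow` lines of `/etc/nsswitch.conf`: listing `files` before `ldap` is what keeps the locally defined accounts mentioned above usable when the LDAP server is unreachable. The following POSIX shell checker is an added example (not code from the column or from any LDAP project); it audits that ordering in a given file. The function names and the two sample configurations it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that an nsswitch.conf keeps the local "files"
# source ahead of "ldap" for the account databases. Not taken from the
# column; helper names and sample files below are constructed.

# check_nss_order FILE DB
# Prints "ok" when DB lists files before ldap (or has no ldap at all),
# "bad" when ldap precedes files or files is absent, "missing" when DB
# has no line in FILE. Return status is 0 only for "ok".
check_nss_order() {
    file="$1"; db="$2"
    line=$(grep -E "^[[:space:]]*$db:" "$file" | head -n 1)
    if [ -z "$line" ]; then echo missing; return 1; fi
    sources=${line#*:}
    files_pos=0; ldap_pos=0; i=0
    for src in $sources; do
        i=$((i + 1))
        case "$src" in
            files) if [ "$files_pos" -eq 0 ]; then files_pos=$i; fi ;;
            ldap)  if [ "$ldap_pos" -eq 0 ]; then ldap_pos=$i; fi ;;
        esac
    done
    if [ "$files_pos" -eq 0 ]; then echo bad; return 1; fi
    if [ "$ldap_pos" -ne 0 ] && [ "$ldap_pos" -lt "$files_pos" ]; then
        echo bad; return 1
    fi
    echo ok
}

# audit_nsswitch FILE
# Runs the check over the three account databases; exit status is
# non-zero if any of them would lose the local fallback.
audit_nsswitch() {
    status=0
    for db in passwd group shadow; do
        result=$(check_nss_order "$1" "$db")
        if [ "$result" != ok ]; then status=1; fi
        echo "$db: $result"
    done
    return $status
}

# Constructed sample configurations (not copied from a real host).
write_good_sample() {
    cat > "$1" <<'EOF'
passwd:  files ldap
group:   files ldap
shadow:  files ldap
hosts:   files dns
EOF
}

write_bad_sample() {
    cat > "$1" <<'EOF'
# ldap first: local accounts unusable while the server is down
passwd:  ldap files
group:   ldap
shadow:  files ldap
EOF
}

# Demonstration run over the two constructed samples.
GOOD_CONF=$(mktemp); BAD_CONF=$(mktemp)
write_good_sample "$GOOD_CONF"
write_bad_sample "$BAD_CONF"
echo "== good sample =="
audit_nsswitch "$GOOD_CONF"
echo "== bad sample =="
audit_nsswitch "$BAD_CONF" || echo "local fallback would be lost if LDAP is down"
rm -f "$GOOD_CONF" "$BAD_CONF"
```

Run it against a real client with `audit_nsswitch /etc/nsswitch.conf` after sourcing the file; a non-zero exit means an LDAP outage would also lock out the local accounts the column recommends keeping.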
The Roles of NSS and PAM
Most people give little thought to the details of how Linux accounts are structured. In fact, there are several characteristics of accounts, such as usernames, passwords, home directories, default shells, and so on. These features are managed by two Linux tools:
PAM is a security tool; it tells login tools,…