Mailing List Archive



Re: [tlug] openldap and su



On Sun, Apr 20, 2008 at 11:06:18PM -0700, Gerald Naughton wrote:
> > I'm narrowing it down to pam.d directory
> > I think that is su and will play around with it
> > if I get a solution, I'll email back
> After searching all and trying various things
> I found this
> http://mail.opensolaris.org/pipermail/security-discuss/2006-April/003285.html
> 
> I need to implement Kerberos or remove root from
> certain users for certain machines

Ok, what I suspected: you export the homedirs via NFS and that relies
just on the uid information it gets from the client.
Having the client properly authenticate for the mount, i.e. with
Kerberos and NFSv4, should work; I hope the clients in your environment
already support this.

Another idea could be to put a crypto-container into each homedir
and having the user manually mount it by hand once logged in or having
this done by another pam-module.

Christian
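
A server-side check for the uid-trust problem discussed in this reply, as an added example that is not part of the original message: it lists NFS exports that still accept the AUTH_SYS flavour (sec=sys, the default when no sec= option is given), where the server believes whatever uid the client sends. The sample exports content and host names are constructed, and the parser assumes export paths without spaces and treats a client's own sec= as overriding a "-" default.

```python
import re

# Constructed sample /etc/exports content (not taken from the thread).
SAMPLE_EXPORTS = """\
# home directories
/home        192.0.2.0/24(rw,sync)
/export/home *.example.org(rw,sec=krb5p) \\
             legacy.example.org(rw,sec=sys:krb5)
/srv/www     -sec=krb5i,ro web1.example.org @trusted(rw)
"""

# A client spec is "host", "host(opts)" or "(opts)".
CLIENT_RE = re.compile(r"^(?P<host>[^()]*)(?:\((?P<opts>[^()]*)\))?$")


def flavors(opts, default):
    """Return the security flavours named by sec=..., else the default."""
    for opt in opts:
        if opt.startswith("sec="):
            return opt[4:].split(":")
    return default


def uid_trusting_exports(text):
    """Return (path, client) pairs that accept a non-Kerberos flavour."""
    findings = []
    logical = text.replace("\\\n", " ")           # join continuation lines
    for line in logical.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        path, *specs = line.split()
        default = ["sys"]                         # exports(5) default flavour
        for spec in specs:
            if spec.startswith("-"):              # default options for later clients
                default = flavors(spec[1:].split(","), default)
                continue
            m = CLIENT_RE.match(spec)
            if not m:
                continue                          # skip malformed specs
            secs = flavors((m.group("opts") or "").split(","), default)
            if any(not s.startswith("krb5") for s in secs):
                findings.append((path, m.group("host") or "<any>"))
    return findings


if __name__ == "__main__":
    for path, client in uid_trusting_exports(SAMPLE_EXPORTS):
        print(f"{path}: {client} can mount with client-asserted uids")
```
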

