Remote Authentication

Post by mjt » Sun, 31 Aug 2003 02:59:58




> I have many Solaris servers with approx 30,000 user accounts.
> Currently, I'm generating a new passwd/shadow file every 5 minutes
> from a MySQL database.  I feel this is somewhat less than efficient.

> I looked at PAM for authentication but unfortunately, that doesn't
> really solve my problem because from what I gather PAM doesn't pass
> any info back other than is the user/pass pair valid.  This means I
> still need to maintain the passwd file for home dir, shell, etc...

> What do you think the best solution would be?  All this info is
> readily available from the MySQL database and Radius.

> Thanks for any insight you can provide.
> Paul

Ever look at LDAP? Works with Radius:

http://docs.sun.com/source/806-4252-10/mapping.htm

 
 
 

Post by Martin Schoe » Sun, 31 Aug 2003 04:55:22



> I have many Solaris servers with approx 30,000 user accounts.
> Currently, I'm generating a new passwd/shadow file every 5 minutes
> from a MySQL database.  I feel this is somewhat less than efficient.

You definitely want to use LDAP.

Never seen any serious admin trying to handle more than, let's say, 200
users without using whatever kind of directory service.

Martin

 
 
 

1. Remote authentication trouble

I have two computers at home on a 10base2 network with cheap
NE2000 clones.  They used to work fine, but now the one I use more
is having trouble.  The problem is, the troubled computer (aristotle)
refuses to authenticate users.  rsh to it works fine, as does rlogin,
but only if your point of origin is in ~/.rhosts.  telnet, as well
as rsh and rlogin if the point of origin is not in ~/.rhosts, doesn't
work.
        I connect fine going _from_ aristotle, and stuff like X works
as well (program on one pops up on the other) going either way, but
after I get the Password: prompt when telnetting, I might as well have
run cat > /dev/null.  My password and anything else I type after my
username is visible, but completely ignored a la:

Trying 192.168.2.3...
Connected to aristotle.
Escape character is '^]'.

Linux 2.0.29 (aristotle) (ttyp2)

aristotle.miniwulf.com login: ejs
Password: <confidential info goes here>
Hello?
Testing 1 2 3.
Argh!
sdfsakjdfkjasdfajdsfkjasdf

telnet> close

I've changed so many things since the last time I'm sure telnet worked,
(I have both machines right there, so I don't telnet much) that I don't
know where to begin trying to figure this out.  The worst part is, I
thought this would be so easy, since I had a working machine to use as
a model just 3ft away from the misbehaving one, but everything I've
looked at matches... I'm beginning to suspect Hale-Bopp has something
to do with this. :)

                                        -Edward Spriggs

One more bit of potentially useful info:  the login will time out after
60 seconds, so it isn't completely dead, and once in a blue moon telnet
will work perfectly only once, and switch back to not working without
me doing anything but telnetting a second time.  Perhaps I've induced
some race condition somewhere?  Stuff I've checked in /proc doesn't bear
that out, though.
