This is the first of two articles that will discuss a number of issues with LDAP authentication on Linux. In this installment, I will give an overview of LDAP and discuss installing and configuring OpenLDAP, migrating to OpenLDAP and setting up LDAP queries. In this series, I will focus on Red Hat Linux version 7.1 (with some comments about earlier revisions); however, many of the same principles apply to Debian and other Linux distributions.

Authentication is the process wherein a user logging on to a Linux system has their credentials checked before being allowed access. Usually, this means that a user needs to provide a login name and a password. Many different programs provide authentication, each using a different method. For example, the basic Unix login program provides a simple text interface for a user to enter a user ID and password. Graphical login systems such as XDM (or GDM or KDM) provide a different interface. Programs such as SSH can authenticate users based on things like RSA or DSA keys as well as passwords.

There are many different authentication suites or protocols available on Linux today. Like all traditional Unix systems, Linux is capable of authenticating users against entries in the /etc/passwd and /etc/shadow files, but it also supports such authentication schemes as , and LDAP, which stands for Lightweight Directory Access Protocol.

PAM (which stands for Pluggable Authentication Modules) is a set of libraries provided with most modern Linux distributions, and it is installed by default in Red Hat Linux. The PAM libraries provide a consistent interface to an authentication protocol. An application can use the PAM libraries to allow the use of any authentication protocol within that application, so that if the system administrator wants to change from, for example, /etc/passwd authentication to LDAP, the application does not have to be