Mailing List Archive
- Date: Mon, 21 Apr 2008 11:17:24 +0200
- From: Christian Horn <chorn@example.com>
- Subject: Re: [tlug] openldap and su
- References: <101378.78743.qm@web30604.mail.mud.yahoo.com> <818075.13399.qm@web30603.mail.mud.yahoo.com>
- User-agent: Mutt/1.5.13 (2006-08-11)

On Sun, Apr 20, 2008 at 11:06:18PM -0700, Gerald Naughton wrote:
> > I'm narrowing it down to pam.d directory
> > I think that is su and will play around with it
> > if I get a solution, I'll email back
> After searching all and trying various things
> I found this
> http://mail.opensolaris.org/pipermail/security-discuss/2006-April/003285.html
>
> I need to implement kerberos or remove root from
> certain users for certain machines

Ok, what I suspected, you export the homedirs via nfs and that relies
just on the uid-information it gets from the client.
Having the client properly authenticate for the mount, i.e. with kerberos
and nfsv4, should work; I hope the clients in your environment
already support this.

Another idea could be to put a crypto-container into each homedir and
having the user manually mount it by hand once logged in, or having this
done by another pam-module.

Christian
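
An added example, not part of Christian's message: a small audit that reads an NFS server's exports(5) text and flags every export that still accepts uid-based (sec=sys) access instead of only Kerberos flavors. The sample file, hosts and paths are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: flag NFS exports that still accept AUTH_SYS (sec=sys),
# where the server trusts whatever uid the client sends.

# Constructed sample in exports(5) syntax; hosts and paths are made up.
sample_exports() {
cat <<'EOF'
# home directories
/home       *.example.com(rw,sync)
/srv/krb    *.example.com(rw,sync,sec=krb5p)
/srv/mixed  10.0.0.0/24(rw,sec=krb5p:sys) admin.example.com(ro,sec=krb5i)
/srv/dflt   -sec=krb5p lab.example.com(rw)
EOF
}

# Reads exports(5) text on stdin and prints "VERDICT path client flavors".
# Not handled: backslash line continuations and trailing comments.
audit_exports() {
  awk '
    /^[ \t]*#/ { next }            # comment line
    NF == 0    { next }            # blank line
    {
      path = $1; dflt = ""
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^-/) { dflt = substr($i, 2); continue }  # per-line default options
        client = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1); sub(/\)$/, "", opts)
        }
        sec = "sys"                # flavor used when no sec= option is given
        n = split(dflt "," opts, o, ",")
        for (j = 1; j <= n; j++) if (o[j] ~ /^sec=/) sec = substr(o[j], 5)
        verdict = "OK"             # OK only if every accepted flavor is Kerberos
        m = split(sec, f, ":")
        for (k = 1; k <= m; k++) if (f[k] !~ /^krb5[ip]?$/) verdict = "WEAK"
        print verdict, path, client, sec
      }
    }'
}

sample_exports | audit_exports
```

On a real server the input would be `audit_exports < /etc/exports`; an export listing `krb5p:sys` is reported as WEAK because a client can still pick the uid-only flavor.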