Josh Rivel wrote:
> I would like to have a local admin type account on ~700 Open Solaris snv_81
> boxes that can only be used when LDAP is *not* working.
>
> When the network is up and running we would like all access to be only for
> LDAP users, but if LDAP is down, there is a "backdoor" in via the router that
> the OpenSolaris boxes are plugged into - they are all connected back to a
> central location via an OpenVPN tunnel, so if the tunnel is up we can ssh in
> as an LDAP user no problem. If LDAP is down, then we need local access to
> the box, but my boss doesn't want the localadmin account to be used if LDAP
> is working.
>
> I thought about using the following in /etc/nsswitch.conf, but I'm not sure
> if it would break other things:
>
> passwd: ldap [NOTFOUND=return] files
>
> Currently it's set to
>
> passwd: files ldap
>
> Would that work? Or is there a better way to do this?
>

It should work, knock up a quick zone and give it a try.

-- Ian.
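
The lookup order that the two `passwd:` lines in the thread produce, as an added example that is not part of the original messages: a small Python model of the name-service switch walk using the standard defaults (SUCCESS=return, every other status continues). The user names and backend contents are constructed, only the `return` and `continue` actions are handled, and it models name lookup only, not PAM authentication.

```python
import re

DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_entry(line):
    """Parse 'passwd: ldap [NOTFOUND=return] files' into (database, [(source, actions)])."""
    database, _, spec = line.partition(":")
    sources = []
    for token in re.findall(r"\[[^\]]*\]|\S+", spec):
        if token.startswith("["):
            if not sources:
                raise ValueError("criteria must follow a source")
            for crit in token[1:-1].split():
                status, _, action = crit.partition("=")
                status, action = status.upper(), action.lower()
                if status not in DEFAULTS or action not in ("return", "continue"):
                    raise ValueError(f"unsupported criterion: {crit!r}")
                sources[-1][1][status] = action  # override the default for this source
        else:
            sources.append((token, dict(DEFAULTS)))
    return database.strip(), sources

def lookup(line, user, backends):
    """backends maps source name -> set of users, or None when the source is unreachable."""
    for name, actions in parse_entry(line)[1]:
        users = backends.get(name)
        if users is None:
            status = "UNAVAIL"
        else:
            status = "SUCCESS" if user in users else "NOTFOUND"
        if actions[status] == "return":
            return name, status          # the switch stops here
    return None, "NOTFOUND"              # every source was tried

# Constructed sample data (assumption: root and localadmin exist only in /etc/passwd).
FILES = {"root", "daemon", "localadmin"}
LDAP = {"ldapuser"}
PROPOSED = "passwd: ldap [NOTFOUND=return] files"
CURRENT = "passwd: files ldap"

def report():
    states = (("up", LDAP), ("down", None))
    return [(line, state, user, lookup(line, user, {"ldap": ldap, "files": FILES}))
            for line in (PROPOSED, CURRENT) for state, ldap in states
            for user in ("ldapuser", "localadmin", "root")]

if __name__ == "__main__":
    for row in report():
        print(*row, sep=" | ")
```

With LDAP up, the proposed line hides every account that exists only in files, including root in this sample data, which is the "break other things" case to check in the test zone.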