On 17/02/14 12:57, צביקה הרמתי wrote:
> Hi.
>
> I want to have several hosts, sharing the same Users Accounts database.
> i.e, user "John" will be able to seamlessly login to host1 or to host2,
> without having to manually config "John"'s credentials unto each machine.
> Nothing more than that...
>
> LDAP seems like the solution, however, I tried to find an easy tutorial
> and understood that maybe it's a little bit overkill for my humble
> requirements.
>
> I've read about RH Identity Management
> (https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/index.html)
> It seemed interesting; but its DNS requirements are a little bit too
> complicated for scenario (having the IDM server's public IP properly
> configured DNS record).
>
> Am I missing something?
> There must be simpler way...

Setting up LDAP isn't that hard actually. If you add Kerberos, then it gets a bit more complicated, however. But if you've never set up LDAP before, it may be a bit daunting in the beginning.

Anyhow, I've read "LDAP System Administration" by Gerald Carter (O'Reilly) [1], where I learnt the basic principles of setting up OpenLDAP servers and clients, how LDAP functions and it covers setting up centralised user management. It also covers how to migrate from passwd/shadow/group to LDAP ....

Also bear in mind that you can use the same LDAP server for other purposes as well (by using a different base (BaseDN) - if you don't mind the security aspect of this approach).

If you just get the server correctly configured, then enabling LDAP in SL6 is fairly simple if you use authconfig, authconfig-gtk or authconfig-tui. Just point User Account Database and Authentication Method to your LDAP server, and that's basically it. Authconfig takes care of updating the proper config files correctly.

However, if you set up this on computers which do not have any network access before logging on (such as laptop with wifi) - then you might want to have a look at SSSD [2] (Also present in SL6). It's slightly more complicated to configure, but it can enable functional authentication caches. Once SSSD is configured and running, setting your system up to use SSSD, is done by running 'authconfig --enablesssd --enablesssdauth --update'.

[1] <http://shop.oreilly.com/product/9781565924918.do>
[2] <https://docs.fedoraproject.org/en-US/Fedora/16/html/System_Administrators_Guide/chap-SSSD_User_Guide-Introduction.html>

--
kind regards,
David Sommerseth
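
An sssd.conf for the cached LDAP login setup discussed in the reply above, added here as an example and not part of David's message or of any project's shipped configuration. The domain name, server host name, base DN and CA certificate path are placeholders to replace with your own values.

```ini
# /etc/sssd/sssd.conf
# The file must be owned by root with mode 0600, or sssd refuses to start.
# Constructed example: host name, base DN and CA path are placeholders.

[sssd]
config_file_version = 2
services = nss, pam
domains = example_ldap

[nss]
# Never resolve these local accounts through LDAP.
filter_users = root
filter_groups = root

[pam]
# Days a cached credential stays usable while the LDAP server is unreachable
# (0 means no limit). This bounds how long an account that was disabled on
# the server can still log in on a disconnected laptop.
offline_credentials_expiration = 7

[domain/example_ldap]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://ldap.example.org
ldap_search_base = dc=example,dc=org

# SSSD does not authenticate over an unencrypted channel: use StartTLS
# (or an ldaps:// URI) and verify the server certificate against your CA.
ldap_id_use_start_tls = True
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/openldap/cacerts/ca.pem
# Weak setting to avoid: ldap_tls_reqcert = never
# (accepts any certificate, so a spoofed server can collect passwords).

# Store a hash of the password locally after a successful online login,
# so the user can authenticate when the network is down.
cache_credentials = True
```

The cache only holds users who have logged in at least once while the LDAP server was reachable.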