>
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-Configuring_Authentication.html
Very cool! Thanks for pointing me to these Docs Eero! I'll check them out!
Best,
Tim
On Sun, Nov 9, 2014 at 9:41 PM, Eero Volotinen
wrote:
>
> https://access
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-Configuring_Authentication.html
On 10.11.2014 at 4.03, "Tim Dunphy" wrote:
> >
> > How about using authconfig ?
>
>
> Sure! I'm willing to give that a try.
>
> Thanks for the suggestion. I'll look it up
>
> How about using authconfig ?
Sure! I'm willing to give that a try.
Thanks for the suggestion. I'll look it up.
Tim
On Sun, Nov 9, 2014 at 5:24 PM, Eero Volotinen
wrote:
> 2014-11-09 22:46 GMT+02:00 Tim Dunphy :
>
> > Hey all,
> >
> > I've been googling for a bit trying to find a decent
2014-11-09 22:46 GMT+02:00 Tim Dunphy :
> Hey all,
>
> I've been googling for a bit trying to find a decent guide that helps you
> setup LDAP authentication via nssov. And so far haven't been able to find
> anything. Does anyone out there happen to know of a guide that would help
> me do this und
Hey all,
I've been googling for a bit trying to find a decent guide that helps you
setup LDAP authentication via nssov. And so far haven't been able to find
anything. Does anyone out there happen to know of a guide that would help
me do this under CentOS 6.5?
Thanks
Tim
--
GPG me!!
gpg --keys
> Well, that's simply *not* true... says the guy who, 20-30 years ago, had
> to read IBM mainframe manuals
I can attest to IBM manuals of that era. :-)
Few years back while working for a bank I came across one of the
original manuals for the IBM 4702 Branch Controller. And I thought
early eSe
> One possible solution is to have the main LDAP server addressable only
> via STARTTLS and a non-SSL, read-only slave on a different host that's
> visible only to your LAN.
Very interesting.
It would also address some concerns I had with all these third-party
LDAP plugins having (potential) write
On Thu, 7 Oct 2010, Mathieu Baudier wrote:
>> You can also use StartTLS over the network and LDAPI (connection
>> over Unix sockets, which are inherently secure) for apps running on
>> the server. I use it, both with OpenLDAP and 389 Directory Server
>> (a.k.a. Fedora DS, Red Hat DS).
>
> Unfor
> You can also use StartTLS over the network and LDAPI (connection over Unix
> sockets, which are inherently secure) for apps running on the server. I use
> it, both with OpenLDAP and 389 Directory Server (a.k.a. Fedora DS, Red Hat
> DS).
Unfortunately, I have a whole LAN whose user/group/auth man
> The reason why I (think I) need both is that many third party apps on
> the server (PHP applications typically) do not easily manage StartTLS.
> Meanwhile, having two different ports make it easier to manage via iptables.
>
You can also use StartTLS over the network and LDAPI (connection over
lease help
Thank you.
> Date: Wed, 6 Oct 2010 22:27:08 +0100
> From: miguelmeda...@sapo.pt
> To: mbaud...@argeo.org
> CC: centos@centos.org
> Subject: Re: [CentOS] LDAP authentication on a remote server (via ldaps://)
> [SOLVED]
>
>
> >> Are you aware that SSL
> A quick search will provide plenty of articles about the subject.
Thanks, I had actually thought of using a search engine (as somebody
put it, part of the fun with configuring OpenLDAP is that you
definitely have to).
What I cannot find (yet) is whether there is a way to require StartTLS
only f
On Wed, 2010-10-06 at 08:32 -0700, Paul Heinlein wrote:
> On Wed, 6 Oct 2010, Mathieu Baudier wrote:
>
> > Now, I have a few servers in our local office and I would like them to
> > authenticate from the remote LDAP server using encryption via
> > ldaps://.
> > (at this stage, without using client
On Wed, 2010-10-06 at 09:49 -0400, Scott Robbins wrote:
> On Wed, Oct 06, 2010 at 03:32:03PM +0200, Mathieu Baudier wrote:
> > > Did you, on the server, change the new, undocumented, /etc/sysconfig/ldap
> > > file's entry for SLAPD_LDAPS and restart the ldap service on the server?
> >
> > This set
>> Are you aware that SSL on port 636 is now considered deprecated in favor of
>> START_TLS on port 389?
> No, I'm not (I actually thought that it was the other way round)
>
> (...)
>
> What are the pro and cons of both approaches?
>
> Comments more than welcome
You can, as an example, consult th
> Are you aware that SSL on port 636 is now considered deprecated in favor of
> START_TLS on port 389?
No, I'm not (I actually thought that it was the other way round)
I found it practical to have a port (389 or equivalent) that I could
authorize via iptables only on the local network, and anoth
Scott Robbins wrote:
> On Wed, Oct 06, 2010 at 06:35:14PM +0200, Mathieu Baudier wrote:
>>
>> IMHO, the comments in /etc/ldap.conf could be a bit more explicit on
>> the 'on' value:
>
> IMNSHO most documentation on LDAP is laughable, and perhaps one of the
> main reasons Active Directory has become
On Wed, Oct 06, 2010 at 06:35:14PM +0200, Mathieu Baudier wrote:
>
> IMHO, the comments in /etc/ldap.conf could be a bit more explicit on
> the 'on' value:
IMNSHO most documentation on LDAP is laughable, and perhaps one of the
main reasons Active Directory has become so much more popular. Say w
Are you aware that SSL on port 636 is now considered deprecated in favor
of START_TLS on port 389?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
> Here are the changes I'd review:
>
> 1. After installing the CA cert, did you create a hash link? E.g.,
>
> /usr/sbin/cacertdir_rehash /etc/openldap/cacerts
>
> 2. Make sure you know the difference between /etc/ldap.conf and
> /etc/openldap/ldap.conf. The former is used by nss_ldap, the
On Wed, 6 Oct 2010, Mathieu Baudier wrote:
> Now, I have a few servers in our local office and I would like them to
> authenticate from the remote LDAP server using encryption via
> ldaps://.
> (at this stage, without using client-side certificate)
>
> I have run a similar command as I did on the
On Wed, Oct 06, 2010 at 03:32:03PM +0200, Mathieu Baudier wrote:
> > Did you, on the server, change the new, undocumented, /etc/sysconfig/ldap
> > file's entry for SLAPD_LDAPS and restart the ldap service on the server?
>
> This setting was indeed set to no.
>
> I changed the setting to yes and
> Did you, on the server, change the new, undocumented, /etc/sysconfig/ldap
> file's entry for SLAPD_LDAPS and restart the ldap service on the server?
This setting was indeed set to no.
What is funny though is that I actually can connect to the ldaps port
without it (since ldapsearch -x is worki
On Wed, Oct 06, 2010 at 10:24:44AM +0200, Mathieu Baudier wrote:
> Hello,
>
>
> Now, I have a few servers in our local office and I would like them to
> authenticate from the remote LDAP server using encryption via
> ldaps://.
> (at this stage, without using client-side certificate)
>
> I have r
Hello,
I have a central repository of users/groups based on OpenLDAP which is
working on a remote LAN (servers share users credentials and mount
their home directories via NFS). They use non-encrypted ldap
restricted to the local network.
Now, I have a few servers in our local office and I would
2009/7/9 hqm8512
> hello ,
> we're using LDAP for user authentication
>
> I'm looking for a mechanism to automatically create a user's home directory
> when he logs in for the first time
> Thanks,
>
The autodir package will do precisely that. It's easy to setup too:
yum -y install autodir
mkd
2009/7/9 hqm8512 :
> hello ,
> we're using LDAP for user authentication
>
> I'm looking for a mechanism to automatically create a user's home directory
> when he logs in for the first time
> Thanks,
If using authconfig, can pass the --enablemkhomedir
This works by putting the following in /etc/pam
hello ,
we're using LDAP for user authentication
I'm looking for a mechanism to automatically create a user's home directory
when he logs in for the first time
Thanks,
--
Best Regards
Charles Richards wrote:
> Has anybody done any authentication to Lotus Domino using LDAP?
>
> I selected LDAP options in the "authconfig-tui" application, per the
> documentation here:
>
> http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-ldap-pam.html
>
>
> when I try to query the
On Tue, 2009-01-06 at 19:47 -0700, Charles Richards wrote:
> Has anybody done any authentication to Lotus Domino using LDAP?
>
> I selected LDAP options in the "authconfig-tui" application, per the
> documentation here:
>
> http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-ldap-pam.ht
> base <>
I don't really know too much about LDAP, and I know less about Lotus
Domino, so hopefully I'm not blowing in the wind, but shouldn't this
have something in it? Like "dc=yourcompany,dc=com"? Maybe with an
"ou=people" prepended to it so it knows to look in the right subtree?
--
Spiro Ha
Has anybody done any authentication to Lotus Domino using LDAP?
I selected LDAP options in the "authconfig-tui" application, per the
documentation here:
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-ldap-pam.html
when I try to query the directory for user information though, I g
Hi,
On Tue, Dec 2, 2008 at 4:00 PM, Russell Miller <[EMAIL PROTECTED]> wrote:
> Friedrich Clausen wrote:
>> Does anyone have any real world, in the trenches experience they would
>> be willing to share? I would like to know which is the most
>> maintainable and easy to hand-over to more junior adm
Friedrich Clausen wrote:
> Does anyone have any real world, in the trenches experience they would
> be willing to share? I would like to know which is the most
> maintainable and easy to hand-over to more junior admins.
>
The way we did this was, we have an access.conf file that is
automaticall
Hello all,
At my current job the time has come to unify our LDAP infrastructure
into one tree (preferably). The basics are working but we are not sure
how to restrict which users can log into which machines.
What we would like is for everyone in the (for example) "infra" group
to log into all mac