(Domain-like setup)

Aaron Toponce aaron.toponce at gmail.com
Sun Apr 5 18:27:50 MDT 2009


Jessie Morris wrote:
> haha. Very funny. Sorry, I've been working and I've been really busy, so I 
> didn't have much time to reply. Thank you for this response, but just to 
> clarify, can I use this to log into a Linux system? For example, could I 
> change the root password on the central server and that trickles down to each 
> of the clients?

It doesn't "trickle down to each of the clients" like DNS propagates
from server to server. The account is stored on the remote server,
rather than locally on the client machine. So when the user logs in,
they are authenticating against the remote server, rather than
authenticating against the local client.

However, don't store the client root account on the LDAP server. Root
accounts should be kept locally through /etc/passwd and /etc/shadow.
Also, you'll be tempted to keep the root password the same on all local
machines. I'd recommend not doing it, and keeping a centralized
encrypted database with KeePass, or something similar. If you keep all
the root passwords the same on all machines, and someone gets it, they
could compromise all your boxen. Sucks for convenience to have all the
root passwords different, rocks for security.

-- 
                       _
Aaron Toponce         ( )  ASCII Ribbon Campaign
www.aarontoponce.org   X   www.asciiribbon.org
                      / \
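
An added example, not part of the original message: a small Python audit for the advice above that root stays in the local files and out of the directory. It assumes an LDIF export of the directory's accounts and an nss_ldap-style `ldap` source in nsswitch.conf; the sample data, DNs and function names are constructed for illustration.

```python
import base64

# Constructed sample inputs (assumptions for illustration, not from the post).
SAMPLE_LDIF = """\
dn: uid=jessie,ou=People,dc=example,dc=org
uid: jessie
uidNumber: 1001

dn: uid=root,ou=People,dc=example,dc=org
uid:: cm9vdA==
uidNumber: 0
"""
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\njessie:x:1001:1001::/home/jessie:/bin/bash\n"
SAMPLE_NSSWITCH = "passwd: ldap files\nshadow: files ldap\n"


def parse_ldif(text):
    """Yield one {attr: [values]} dict per LDIF entry (folded lines, base64 values)."""
    unfolded = text.replace("\n ", "")  # RFC 2849: a leading space continues a line
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            yield entry


def audit(ldif_text, passwd_text, nsswitch_text):
    """Return findings that contradict 'root is a local-only account'."""
    findings = []
    for e in parse_ldif(ldif_text):
        if "root" in e.get("uid", []) or "0" in e.get("uidnumber", []):
            findings.append("directory holds a root/UID 0 account: " + e.get("dn", ["?"])[0])
    rows = [l.split(":") for l in passwd_text.splitlines() if l and not l.startswith("#")]
    if not any(len(f) > 2 and f[0] == "root" and f[2] == "0" for f in rows):
        findings.append("no local root entry with UID 0 in passwd file")
    for line in nsswitch_text.splitlines():
        db, _, sources = line.split("#")[0].partition(":")
        src = sources.split()
        if db.strip() in ("passwd", "shadow") and "ldap" in src:
            local_idx = [i for i, s in enumerate(src) if s in ("files", "compat")]
            if not local_idx or src.index("ldap") < local_idx[0]:
                findings.append(db.strip() + ": 'files' is not consulted before 'ldap'")
    return findings
```

On the constructed sample, `audit(SAMPLE_LDIF, SAMPLE_PASSWD, SAMPLE_NSSWITCH)` reports the base64-encoded `uid=root` directory entry and the `passwd` lookup order that puts `ldap` ahead of `files`.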
