Power Systems 2009 – LDAP & Kerberos

As usual for these blog entries, the topic is not described in detail but in a point-by-point way.

Below are some notes about LDAP and Kerberos in an AIX environment:

For LDAP authentication you need to edit /etc/security/user and check

auth1: SYSTEM OR LDAP

/usr/lib/security/methods:

– auth_method LDAP/SYSTEM (or any other 3rd-party method)

– the user definition can be altered to authenticate with two methods by adding an “AND” to the auth_methods
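The two checks above (which users route authentication to LDAP via their SYSTEM attribute, and whether two methods are combined with AND), as an added POSIX shell example that is not from the original post. The stanza file it parses is constructed inline, and the awk parser assumes the "attr = value" spacing that AIX stanza files use.

```sh
#!/bin/sh
# Added example (not from the original post): read a user's SYSTEM attribute
# from an AIX-style /etc/security/user stanza file (falling back to the
# "default:" stanza) and report whether LDAP is used and whether two methods
# are combined with AND, as the post describes.

# stanza_attr FILE STANZA ATTR -> value with quotes stripped, or nothing.
# Assumes the "attr = value" spacing used in AIX stanza files.
stanza_attr() {
    awk -v stanza="$2" -v attr="$3" '
        /^[^ \t#][^:]*:[ \t]*$/ { cur = $0; sub(/:[ \t]*$/, "", cur); next }
        cur == stanza && $1 == attr && $2 == "=" {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); gsub(/"/, "", val)
            print val; exit
        }' "$1"
}

# effective_system FILE USER -> the user's SYSTEM value, else the default's.
effective_system() {
    v=$(stanza_attr "$1" "$2" SYSTEM)
    [ -n "$v" ] || v=$(stanza_attr "$1" default SYSTEM)
    printf '%s\n' "$v"
}

# classify VALUE -> ldap-and (both methods required), ldap (LDAP alone or
# in an OR expression) or local (no LDAP in the expression at all).
classify() {
    case "$1" in
        *LDAP*AND*|*AND*LDAP*) echo ldap-and ;;
        *LDAP*)                echo ldap ;;
        *)                     echo local ;;
    esac
}

# Constructed sample stanza file (not copied from any real system).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
default:
        SYSTEM = "compat"
alice:
        SYSTEM = "LDAP OR compat"
bob:
        SYSTEM = "LDAP AND compat"
EOF
for u in alice bob carol; do
    s=$(effective_system "$SAMPLE" "$u")
    printf '%-6s SYSTEM="%s" -> %s\n' "$u" "$s" "$(classify "$s")"
done
```

On a real system pass /etc/security/user instead of the constructed file; users that fall through to the default stanza are reported with the default's SYSTEM value.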

With LDAP, configuration files such as

  • /etc/services
  • /etc/security/limits

can be read from the LDAP server (be aware that a second LDAP server should be in place if you rely on this)

It is highly recommended to encrypt passwords (root has a clear-text view of them) and the general LDAP traffic

– client-side user authentication via SSL/TLS encryption

Two LDAP servers should be implemented in an environment, depending on which services are being kept on the LDAP server.

One user login to an AIX system means one open socket (1024 sockets by default per AIX system; the open-files limit includes sockets)

Default cache timeout of LDAP queries = 5 minutes. The cache can be flushed with secldapclntd.

This entry was posted in aix.
