Difference between revisions of "Authentication"

From the Linux and Unix Users Group at Virginia Teck Wiki
Jump to: navigation, search
imported>Echarlie
imported>Echarlie
(Account maintenance instructions)
Line 4: Line 4:
  
 
==Account maintenance instructions==
 
==Account maintenance instructions==
''Main article: [[VTLUUG:LDAP info]]''
+
''Main article: [[VTLUUG:LDAP Info]]''
 +
 
 
All users will be able to use standard shell commands (such as chsh) to change attributes of their own account. Additionally they can make direct requests to the LDAP server (razor.vtluug.org) using ldapmodify and .ldif files to change attributes as well. Explaining .ldif files and ldapmodify is beyond the scope of this article.
 
All users will be able to use standard shell commands (such as chsh) to change attributes of their own account. Additionally they can make direct requests to the LDAP server (razor.vtluug.org) using ldapmodify and .ldif files to change attributes as well. Explaining .ldif files and ldapmodify is beyond the scope of this article.
  

Revision as of 19:28, 26 March 2016

VTLUUG has been was Kerberos and LDAP for authentication until the CVL eviction. We have now migrated to an LDAP only domain due to a lack of IPv6 on behind router.ece.vt.edu. The old Kerberos server was configured to work on IPv6 only therefore we were required to migrate away from its use for authentication.

With the current deployment acidburn should be acceptable through normal password authentication over ssh. There is no need to configure tickets or anything else Kerberos related.

Account maintenance instructions

Main article: VTLUUG:LDAP Info

All users will be able to use standard shell commands (such as chsh) to change attributes of their own account. Additionally they can make direct requests to the LDAP server (razor.vtluug.org) using ldapmodify and .ldif files to change attributes as well. Explaining .ldif files and ldapmodify is beyond the scope of this article.

For management of the entire domain officers who know the LDAP root users credentials will be able to log in to the LDAP Administrator web application running on razor.vtluug.org. Information on this is really only shared on a need to know basis between officers, and the content is not entirely appropriate for a public wiki.