https://community.hpe.com/t5/operating-system-linux/login-authenication/m-p/3842195#M24636 thx SEP and SB replies,<BR /><BR />Do you mean mean ldap doesn't have the function I mention ? so I need to setup the ssh to redirect the user from 192.168.0.1 to another server ? thx Sat, 12 Aug 2006 22:33:33 GMT sindodm 2006-08-12T22:33:33Z https://community.hpe.com/t5/operating-system-linux/login-authenication/m-p/3842192#M24633 We have three server <BR /><BR />192.168.0.1 --&gt; LDAP master server<BR />192.168.0.2 --&gt; LDAP slave server<BR />192.168.0.3 --&gt; server<BR />192.168.0.4 --&gt; server<BR /><BR /> Assume user A want to access server 192.168.0.3 , user B want to access server 192.168.0.4 , now , if I would like all user have one single point login ( so that they don't need to remember so many ip address ) , for example , both of them only login to 192.168.0.1 (single point) , the system can re-direct them to the host they want ( in my case which are 192.168.0.3 and 192.168.0.4 ) , does openldap have such function ? Sat, 12 Aug 2006 05:51:08 GMT https://community.hpe.com/t5/operating-system-linux/login-authenication/m-p/3842192#M24633 nash11 2006-08-12T05:51:08Z https://community.hpe.com/t5/operating-system-linux/login-authenication/m-p/3842193#M24634 Shalom,<BR /><BR />What you do is change authentication in server 3 and 4 (designated by their ip addresses) to LDAP.<BR /><BR />Configure them to connect to the ldap infrastructure and you have single sign on.<BR /><BR />The first step is to change /etc/nsswitch.conf and make the passwd entry ldap instead of the default files.<BR /><BR />Redirecting logins to another server does not really achieve what you say you want to get done.<BR /><BR />SEP Sat, 12 Aug 2006 14:46:07 GMT https://community.hpe.com/t5/operating-system-linux/login-authenication/m-p/3842193#M24634 Steven E. Protter 2006-08-12T14:46:07Z https://community.hpe.com/t5/operating-system-linux/login-authenication/m-p/3842194#M24635 Yea.. If you want the user credentials (i.e. usernames and passwords) to be shared amongst all servers, what SEP said is perfect for you.<BR /><BR />But from what I can tell, what you're saying doesn't relate to the authentication directly at all.<BR /><BR />It relates more to wanting to access different servers from a single location.<BR /><BR />You are wanting to look into passwordless SSH logins which get launched from server 1 when they log in.<BR /><BR />LDAP it's self isn't what you want. Look at '.bash_profile' and SSH key sharing without passwords. Sat, 12 Aug 2006 22:09:33 GMT https://community.hpe.com/t5/operating-system-linux/login-authenication/m-p/3842194#M24635 Stuart Browne 2006-08-12T22:09:33Z https://community.hpe.com/t5/operating-system-linux/login-authenication/m-p/3842195#M24636 thx SEP and SB replies,<BR /><BR />Do you mean mean ldap doesn't have the function I mention ? so I need to setup the ssh to redirect the user from 192.168.0.1 to another server ? thx Sat, 12 Aug 2006 22:33:33 GMT https://community.hpe.com/t5/operating-system-linux/login-authenication/m-p/3842195#M24636 sindodm 2006-08-12T22:33:33Z https://community.hpe.com/t5/operating-system-linux/login-authenication/m-p/3842196#M24637 ldap can do authentication for multiple hosts, but it doesn't do redirects. Mon, 14 Aug 2006 03:17:25 GMT https://community.hpe.com/t5/operating-system-linux/login-authenication/m-p/3842196#M24637 dirk dierickx 2006-08-14T03:17:25Z https://community.hpe.com/t5/operating-system-linux/login-authenication/m-p/3842197#M24638 thx Dirk , <BR /><BR />if ldap doesn't has this function , can advise the good practice of it ? thx Mon, 14 Aug 2006 09:49:12 GMT https://community.hpe.com/t5/operating-system-linux/login-authenication/m-p/3842197#M24638 sindodm 2006-08-14T09:49:12Z