
How to do the user and password management on Linux / Unix server from web

 
SOLVED
senthil_kumar_1
Super Advisor


Hi All,

In our company they have implemented the user and password management tool for Windows AD.

How can I implement the same in Linux and Unix servers...

Could you please suggest any one like that...

We have a lot of Unix and Linux servers with a lot of local user accounts...
8 REPLIES
Alzhy
Honored Contributor

Re: How to do the user and password management on Linux / Unix server from web

Is your question about integrating your Linux and UNIX accounts in your AD Domain or how to manage the local user accounts effectively?

Hakuna Matata.
Alzhy
Honored Contributor

Re: How to do the user and password management on Linux / Unix server from web

If your question is about a tool to manage user accounts from a web interface, then you can try *webmin*.
Hakuna Matata.
Alzhy
Honored Contributor

Re: How to do the user and password management on Linux / Unix server from web

If your question is about an efficient central management of each UNIX/Linux server's user accounts -- then you may want to implement any of the following:

- Active Directory Integration
- NIS Plus
- a commercial tool (from CA, HP, etc..)

Hakuna Matata.
Jeeshan
Honored Contributor

Re: How to do the user and password management on Linux / Unix server from web

Yeah, if you are looking for web based user administration then webmin is a very good choice.
a warrior never quits
Don Mallory
Trusted Contributor
Solution

Re: How to do the user and password management on Linux / Unix server from web

For AD integration of HP-UX nodes, check out the LDAP-UX bundle. There is a lot of documentation on this, and it works quite well (integrated with Kerberos and AD).

For the Linux nodes, LDAP-UX does not exist. You can however build the same using openldap as a client of your AD and add Kerberos integration, almost exactly the same as your HP-UX environment. Some of the config files and scripts will even port almost directly.

Don Mallory
Trusted Contributor

Re: How to do the user and password management on Linux / Unix server from web

Oh, and by the way, both of these toolsets are free.
Alzhy
Honored Contributor

Re: How to do the user and password management on Linux / Unix server from web

"For the Linux nodes, LDAP-UX does not exist. You can however build the same using openldap as a client of your AD and add Kerberos integration, almost exactly the same as your HP-UX environment. Some of the config files and scripts will even port almost directly."

Can you post your complete recipe pls?
Hakuna Matata.
Don Mallory
Trusted Contributor

Re: How to do the user and password management on Linux / Unix server from web

Hi Alzhy,

When I last looked into this (about 2 years ago now), I had a tailored ldapclientd.conf to connect to the AD, unfortunately, not using SSL (that was a next step).

My AD already had the MS SFU 3.5 extensions installed to support the HP LDAP-UX product set, as well as accounts and groups configured to support this. I was able to perform queries against the AD for users and find general auth details. (e.g. ls -al showed proper info out of the AD for non-local users).

There was no (HP) pam_authz style module available at the time for Linux, which was a bit of a showstopper for me, so I was looking at other similar methods at the time. I would suspect this has changed since then.

For Kerberos integration, it's no different than the process used for HP-UX. Create up your keys, export them per host, import them on the Linux host, yay.. The krb5.conf file was almost identical between Linux and HP-UX other than minor service differences, since they both come from MIT.

The automounter (autofs) under Linux is far more versatile than HP-UX, so it worked the same or better as well.

My primary difficulties were with respect to getting SSL connectivity working, a pam_authz replacement, and that I didn't like the AD authentication method that openldap was using at the time (clear-text password in the config file).

Don
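
An added example, not part of the thread or any poster's configuration: a small Python check for the two weaknesses named in the last post (no SSL, and a clear-text bind password in the LDAP client config). It assumes the Linux client uses the PADL nss_ldap/pam_ldap `ldap.conf` directive names (`uri`, `host`, `ssl`, `tls_checkpeer`, `bindpw`), which the thread does not specify; all hostnames and values are constructed.

```python
# Constructed samples in PADL nss_ldap/pam_ldap ldap.conf style; every value is made up.
WEAK = """\
uri ldap://dc1.example.test/
base dc=example,dc=test
binddn cn=proxyuser,cn=Users,dc=example,dc=test
bindpw NotARealPassword
"""
HARDENED = """\
uri ldap://dc1.example.test/
base dc=example,dc=test
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/example-ca.pem
"""

def parse(text):
    """Map each directive (lower-cased) to its list of values; skip comments and blanks."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf

def audit(text):
    """Return finding labels for the config text; the password value is never echoed."""
    conf = parse(text)
    findings = []
    if "bindpw" in conf:
        findings.append("cleartext-bind-password")
    # 'uri' may list several servers; a bare 'host' line implies plain LDAP on port 389.
    uris = [u.lower() for v in conf.get("uri", []) for u in v.split()]
    ssl_mode = conf.get("ssl", ["off"])[-1].lower()
    wrapped = ssl_mode in ("on", "start_tls")
    plain = [u for u in uris if u.startswith("ldap://")] or (conf.get("host", []) if not uris else [])
    if plain and not wrapped:
        findings.append("unencrypted-transport")
    # Certificate checking only matters once some form of TLS is in use.
    uses_tls = wrapped or any(u.startswith("ldaps://") for u in uris)
    if uses_tls and conf.get("tls_checkpeer", ["no"])[-1].lower() != "yes":
        findings.append("server-cert-not-verified")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```

The hardened sample carries no bind credential at all; how the client then authenticates to the directory (for example with the host's Kerberos keys) is outside what this check covers.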