Greg Robertson
Occasional Advisor

Home Directory Creation When Using LDAP-UX

Hi All,
I am currently in the test stage of setting up user authentication via LDAP-UX and NDS. I have one issue though. I am looking to see if anyone has come up with a solution for the creation of users' home directories on the various systems that they will be logging in to. Initially I thought a simple addition to the /etc/profile script on each system to check to see if the home directory exists and if not to create it. But for this to happen I need to have R/W/X permission to all on the /home directory which could be a security risk. Unfortunately these systems do not have shared disk storage and I am wary about using NFS as some of the servers are at remote sites.

Has anyone any ideas on this subject?


Thanks in advance.
3 REPLIES 3
Santosh Nair_1
Honored Contributor

Re: Home Directory Creation When Using LDAP-UX

Not a solution, but something to consider...

We're also looking at using LDAP in our environment, but since adding a user in LDAP gives that user the ability to log into ANY of the LDAP client machines, we've been using the fact that the home directories have not been set up as a way of restricting access to machines. In other words, if the user doesn't have a home directory then he probably shouldn't be logging into the machine in the first place, so we set up something in /etc/profile to check if the user has a home dir, and if not, kick them out. So we use this "feature" to our advantage. Just some food for thought.

-Santosh
Life is what's happening while you're busy making other plans
Nat Guyton
Advisor

Re: Home Directory Creation When Using LDAP-UX

I am looking at this as well - Currently we have a setuid script (ugh) called from /etc/profile that creates the directory and such, but then the user is forced to log out and log in again for it to take effect.

Linux has a nice PAM module that will create the directory automatically on the first try. This is nice if you have an LDAP server providing account info for multiple servers and don't want an NFS home.

I wish there was something like that for HPUX - someone could probably write a PAM module, but I am not that person. :-(
Never underestimate the bandwidth of a station wagon filled with backup tapes
Joe Harrison_1
Advisor

Re: Home Directory Creation When Using LDAP-UX

As far as creating a home directory for each user, you could create a sudo script which allows users to create their own home directory. Otherwise you would have to change the permissions on /home (not good).

There actually is a pretty great method for host access control. Create a DUAConfigprofile for each host that uses the ldapux_client. Modify the passwd attribute as follows:

passwd:dc=example,dc=com?sub?(&(objectclass=posixaccount)(|(host=hostname)(host=*)))

Then modify the host attribute of the posixaccounts:

host: hostname

Replace "hostname" with the actual hostname of the machine in question.

Download the profile with:

/opt/ldapux/config/get_profile_entry -s nss
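
Added example, not part of the post above or of LDAP-UX: a small evaluator for the search filter in the passwd line, run over constructed entries the way an RFC 4515 server would evaluate it. In RFC 4515 `(host=*)` is a presence test that is true for any host value, while the escaped form `(host=\2a)` matches only a literal asterisk; the host names web01 and db01, the four users and the escaped variant are assumptions added for illustration.

```python
import re

# Constructed sample entries (not from the thread); attribute names lowercased.
ENTRIES = {
    "alice": {"objectclass": ["posixAccount"], "host": ["web01"]},
    "bob":   {"objectclass": ["posixAccount"], "host": ["db01"]},
    "carol": {"objectclass": ["posixAccount"], "host": ["*"]},
    "dave":  {"objectclass": ["posixAccount"]},
}
# Filter as posted, with "hostname" replaced by the assumed host web01.
POSTED = r"(&(objectclass=posixaccount)(|(host=web01)(host=*)))"
# Assumed variant: \2a is the RFC 4515 escape for a literal '*'.
ESCAPED = r"(&(objectclass=posixaccount)(|(host=web01)(host=\2a)))"

def parse(f, i=0):
    """Parse one filter starting at f[i]; return (node, index after it)."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if f[i] in "&|":                      # AND / OR over nested filters
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError("expected ')' at offset %d" % i)
        return (op, kids), i + 1
    end = f.index(")", i)                 # simple item: attr=value
    attr, _, raw = f[i:end].partition("=")
    return ("=", attr.lower(), raw), end + 1

def matches(node, entry):
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    _, attr, raw = node
    values = entry.get(attr, [])
    if raw == "*":                        # presence test: any value at all
        return bool(values)
    if "*" in raw:
        raise ValueError("substring filters are not handled here")
    # Decode \XX hex escapes, then compare case-insensitively.
    want = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return any(v.lower() == want.lower() for v in values)

def visible_users(filter_text, entries=ENTRIES):
    """Return the sorted user names whose entries the filter selects."""
    tree, _ = parse(filter_text)
    return sorted(u for u, e in entries.items() if matches(tree, e))
```

With the posted form, bob (assigned only to db01) is also selected on web01; with the escaped form only alice and carol are.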