Hi Hurtnn,
> Other admins at my company are toying with ldap and
> Sun Directory Server for authentication. Has anyone
> ever got this to work for logging into the sunmc
> client? I saw a post on here claiming it was not
> possible, but I was wondering if anyone else could
> confirm that.
SunMC creates some users (i.e. the SunMC database user: smcorau) and groups (i.e. esadm, esscrusr, esdomadm, esops) when you install the Server software... and it only knows how to make those users/groups in Solaris. But, there's nothing stopping you from making those same entries in LDAP post-install and changing /etc/nsswitch.conf to use LDAP instead. The only file you should have to fiddle with is /var/opt/SUNWsymon/cfg/esusers, which is the list of people who can log in.
The SunMC Agents don't use any accounts, so they don't care about LDAP, only the Server.
Basically SunMC uses Solaris for user authentication, so if you change Solaris to use LDAP and make sure all of SunMC's settings are in there it will work fine.
Regards,
Mike.Kirk@HalcyonInc.com
http://www.HalcyonInc.com
More info from Sun...
SunMC's cfgserver uses the getspnam UNIX call during user authentication to the server layer host. If you are using a PAM library other than pam_unix, like pam_ldap or Kerberos, then you will run into problems described in the RFE.
A workaround would be: use the pam_unix library in /etc/pam.conf.
The aftereffect is: you lose passwd aging and a lot of the benefits of LDAP.
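An added example, not part of the posts above and not SunMC or Sun code: a small C check of what getspnam returns for each account name given on the command line (for instance the names in esusers) once the name service points at LDAP. The placeholder conventions it tests for, and the reading that a missing hash is what breaks the login, are assumptions; run it with enough privilege to read shadow data.

```c
#include <shadow.h>
#include <stdio.h>
#include <string.h>

enum shadow_status {
    SHADOW_NO_ENTRY,  /* getspnam() returned NULL: no shadow entry visible */
    SHADOW_NO_HASH,   /* entry exists but carries no comparable hash */
    SHADOW_HASH_OK    /* entry carries something that looks like a hash */
};

/* Classify what a getspnam()-based password check would have to work with. */
enum shadow_status classify_shadow(const struct spwd *sp)
{
    const char *p;

    if (sp == NULL)
        return SHADOW_NO_ENTRY;
    p = sp->sp_pwdp;
    /* Assumed placeholder conventions: empty, "x", "NP", or a leading
     * '*' or '!' (e.g. "*NP*", "*LK*", "!!"); crypt(3) output never
     * starts with those characters. */
    if (p == NULL || p[0] == '\0' || p[0] == '*' || p[0] == '!' ||
        strcmp(p, "x") == 0 || strcmp(p, "NP") == 0)
        return SHADOW_NO_HASH;
    return SHADOW_HASH_OK;
}

const char *status_text(enum shadow_status st)
{
    switch (st) {
    case SHADOW_NO_ENTRY: return "no shadow entry returned";
    case SHADOW_NO_HASH:  return "entry without a usable hash";
    default:              return "hash available";
    }
}

/* Usage: ./spcheck user1 user2 ...   exit status 1 if any name fails. */
int main(int argc, char **argv)
{
    int i, bad = 0;

    for (i = 1; i < argc; i++) {
        enum shadow_status st = classify_shadow(getspnam(argv[i]));
        printf("%-16s %s\n", argv[i], status_text(st));
        if (st != SHADOW_HASH_OK)
            bad = 1;
    }
    return bad;
}
```

Comparing the output for the same account with pam_unix/files and with LDAP in /etc/nsswitch.conf shows whether the directory is exposing shadow data to the host at all.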