
Re: non fedora-usermgmt user creation



rc040203 freenet de (Ralf Corsepius) writes:

>> Walk me through this then, I use fedora-usermgmt to create a user for my
>> nagios package.  What uid does it select, how does it select that UID,
>> and when you install it on your machine, how does it have the same UID
>> that it did when it was installed on my machine?
>
> Then Enrico also might explain how to propagate this UID to the
> NIS/LDAP server hosting a network's network-wide uids.

1. I think it is a bad idea to manage system users in NIS/LDAP. This
   adds a lot of requirements (and possible points of failure) for
   starting a service:

   * network must be up/working
   * SSL certificates must not be expired
   * NIS/LDAP server must be up
   * supporting servers (DNS, firewall) must be up

   I prefer /etc/passwd for system users.


2. 'fedora-usermgmt' eases propagation of UIDs to NIS/LDAP servers. When
   you really want it, you can write a package similar to
   'fedora-usermgmt-shadow-utils' which:

   * contains /etc/fedora/usermgmt/scripts.ldap/useradd script; it will
     be called with the mapped uid as the first parameter, the remaining
     params are those of a plain useradd.

     How you implement this 'useradd' script is your thing. E.g. you
     could parse the params there, create an ldif file and execute
     'ldapadd' with a cached krb5 ticket.


   * installs this script with a high 'alternatives' priority.




Enrico
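
The kind of wrapper item 2 describes, as an added example (not part of the original message and not fedora-usermgmt code): it takes the mapped uid as the first parameter, parses the remaining plain useradd parameters, and builds an LDIF entry for 'ldapadd'. BASE_DN, LDAP_URI, the entry layout and a numeric -g value are assumptions; because the script runs as root from a package scriptlet, every value is checked against a whitelist before it reaches the LDIF.

```shell
#!/bin/sh
# Illustrative scripts.ldap/useradd wrapper (added example, assumptions marked).
# Invocation per the post: useradd <mapped-uid> <plain useradd arguments...>
LC_ALL=C
BASE_DN=${BASE_DN:-ou=system,dc=example,dc=com}   # assumed placeholder
LDAP_URI=${LDAP_URI:-ldap://ldap.example.com}     # assumed placeholder

# Succeed only for non-empty values built from a conservative whitelist, so
# no argument can carry a newline or LDIF metacharacter into the entry.
safe() {
    case $1 in ''|*[!A-Za-z0-9_./,\ -]*) return 1 ;; esac
}

# Print an LDIF posixAccount entry on stdout; return 2 on unusable input.
build_ldif() {
    [ $# -ge 2 ] || return 2
    uidn=$1; shift
    home='' shell=/sbin/nologin gecos='' gidn=$uidn
    OPTIND=1
    while getopts "b:c:d:e:f:g:G:k:K:p:s:u:Z:lmMNorU" opt; do
        case $opt in
            c) gecos=$OPTARG ;;
            d) home=$OPTARG ;;
            g) gidn=$OPTARG ;;   # assumption: the gid is passed numerically
            s) shell=$OPTARG ;;
            \?) return 2 ;;
            *) ;;                # local-only options have no LDAP counterpart
        esac
    done
    shift $((OPTIND - 1))
    [ $# -eq 1 ] || return 2
    login=$1
    case $login in ''|*[!a-z0-9_-]*) return 2 ;; esac
    for n in "$uidn" "$gidn"; do
        case $n in ''|*[!0-9]*) return 2 ;; esac
    done
    home=${home:-/home/$login} gecos=${gecos:-$login}
    safe "$home" && safe "$shell" && safe "$gecos" || return 2
    printf '%s\n' "dn: uid=$login,$BASE_DN" "objectClass: account" \
        "objectClass: posixAccount" "cn: $login" "uid: $login" \
        "uidNumber: $uidn" "gidNumber: $gidn" "homeDirectory: $home" \
        "loginShell: $shell" "gecos: $gecos"
}

# Called with arguments: build first, then bind with the cached krb5 ticket.
if [ $# -gt 0 ]; then
    ldif=$(build_ldif "$@") || { echo "useradd: arguments rejected" >&2; exit 1; }
    printf '%s\n' "$ldif" | ldapadd -Q -Y GSSAPI -H "$LDAP_URI"
fi
```

The entry is built completely before 'ldapadd' is started, so a rejected argument never results in a partial write to the directory.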
