Automated and Centralised UNIX Authentication, Account Provisioning and Account Administration
by Anton Koren and Luke Howard
ABSTRACT
As enterprises grow from tens to hundreds to thousands of UNIX systems from various vendors, the administration overhead of account provisioning, de-provisioning and password resets becomes labour-intensive and cost-prohibitive. This paper discusses an open standards-based approach to UNIX authentication, account provisioning and account administration using LDAP/X.500 directory services, pam_ldap and NIS. The technologies being discussed are UNIX-vendor-independent. They are developed in Melbourne and used throughout the world. The benefit to businesses is substantial savings in support and labour costs. The benefit to UNIX administrators is more time to work on interesting and challenging aspects of UNIX administration. And finally, this paper describes how to implement technologies which are available today.
UNIX systems have historically used NIS (Network Information System) and NIS+ for centralised user management and centralised authentication. Most vendors are phasing out NIS and NIS+ and migrating to pam_ldap. We will now discuss the current technologies available for user management and user authentication on UNIX systems.
Anton Koren
Computer Associates
Luke Howard
PADL Software Pty Ltd
Download complete paper: Automated and Centralised UNIX Authentication, Account Provisioning and Account Administration (188K PDF)