Provisioning Linux Users


As mentioned at the beginning of this chapter, not all services support native eDirectory authentication. This is especially apparent within the services commonly associated with Linux environments.

Typical Linux servers provide user authentication for a number of services. Common examples of these are local logins, secure shell connections, Samba, NFS, and HTTP/FTP access. Managing user accounts across these access methods can be the most frustrating part of administration! Thankfully, OES Linux greatly simplifies this aspect of administration by enabling eDirectory as a central storage location for all user accounts across all services.

The central component of OES that provides this integration is Linux User Management.

Linux User Management

In a nutshell, Linux User Management (LUM) is a directory-enabled application that centralizes the storage and management of Linux user accounts. LUM uses eDirectory for the back-end repository of users and therefore benefits from the security, scalability, and reliability eDirectory users have come to expect.

LUM extends the capabilities of the Novell Account Management (NAM) software and includes the following components:

  • NAM Pluggable Authentication Module (pam_nam): This module provides eDirectory authentication through LDAP for all PAM-aware services. When authenticated, users have the same privileges as when authenticating through NIS, NIS+, or local files.

    Linux Administrators may equate this to the pam_ldap module. Although the primary purpose of pam_nam is to provide LDAP authentication, similar to pam_ldap, pam_nam offers a closer integration with eDirectory with the following additional benefits:

    • Unique UIDs and GIDs across the LDAP tree, or LUM domain

    • Advanced server access control based on LDAP access control lists (ACLs) in eDirectory

    • Refined LDAP searches offering a more effective integration with eDirectory

  • NAM Name Service Switch (libnss_nam) redirector: This redirector enables user lookup through an LDAP connection to eDirectory. This is used to enforce permissions when accessing system resources.

  • NAM Cache Daemon (namcd): This daemon caches all user lookups performed by NAM. This cache is checked first when performing user lookups. If the requested resource is located within the cache, the LDAP lookup against eDirectory will not be performed. This greatly increases name resolution performance.

  • Command-Line Utilities: Many different command-line utilities exist to aid Linux administrators. These utilities can be used in place of iManager for basic LUM administration. More information on these utilities will be available later in this section.

LUM-RELATED OBJECTS

In addition to the physical components of LUM, in order for LUM to integrate Linux authentication into eDirectory, the eDirectory schema must be extended. The extension takes place automatically during the LUM installation. LUM-specific extensions create both classes and attributes required for authentication by the Linux services. These extensions are used in creating LUM-specific objects used to configure LUM, and when modifying user and group objects to convert them to valid Linux users and groups.

The following list describes each of these required LUM objects:

  • Linux (UNIX) Config: This object is used to store configuration information for a specific LUM domain. It contains such things as the next available GID and UID numbers and the context for Linux Workstations.

NOTE

A LUM Domain is simply a term used to describe one Linux Config object and all users and workstations associated with that object. By default, one Linux Config object, and therefore one LUM Domain, is created during the installation of LUM. Into this one LUM Domain, additional Linux servers and workstations can be added using the namconfig utility.


If your network spans multiple sites, or LUM services will be offered to a large number of users, additional Linux Config objects (and therefore additional LUM Domains) can be created.

The namconfig utility is the only tool that can create Linux Config objects in eDirectory. When creating multiple Linux Config objects, ensure that all LUM domains exist in their own eDirectory partition. Also, due to the subtree LDAP search used with LUM, ensure that no LUM domain exists beneath another LUM domain in the eDirectory tree.

  • Linux (UNIX) Workstations: Every Linux server or workstation relying on LUM authentication must have a Linux Workstation object in the eDirectory tree. This object maintains a link to all LUM groups that are allowed access to local services.

  • LUM User: Normal eDirectory users are extended with a Linux-specific auxiliary class. This extension provides users with attributes required for Linux authentication. New attributes assigned to users include such things as the User ID (UID) number, primary Group ID (GID) number, default shell, and home directory location.

  • LUM Group: eDirectory groups are also extended using a Linux-specific auxiliary class. This extension adds such attributes as the Group ID (GID) number, and Linux Workstations and users assigned to the group.

NOTE

During the installation of LUM, a default Linux Config, Linux Workstation, and LUM group are all configured automatically. However, LUM users must either be created manually during the creation of a new eDirectory user, or an existing eDirectory user must be converted to a LUM User prior to using LUM.


LUM INSTALLATION

The installation of LUM is normally performed during the main OES installation. If LUM was not selected during installation, follow these steps for adding LUM to your OES server.

1. On the OES server, launch YaST.

2. Select the Software category, and then click on the Install and Remove Software module.

3. Ensure that the Filter is set to Selections, and then select Novell Linux User Management in the Selection window. Click Accept to complete the installation. (You may be prompted to install additional software to satisfy software dependencies. If so, select Continue to finish the installation.)

4. After the LUM packages are installed, the LUM configuration must be completed. Ensure that the LDAP configuration for LUM is correct. Then enter the administrator's password in the appropriate field and click Next.

5. Ensure that the Linux User Management contexts for the Linux Config object and Linux Workstations are correct. If an LDAP proxy is desired, enter the required information and then click Next.

6. Select the PAM-enabled services you would like integrated with LUM. Selected services will now attempt to authenticate users via LUM prior to authenticating against the local account files. Click Next to complete the installation.

LUM ADMINISTRATION

LUM administration can effectively be divided into the following three categories:

  • LUM configuration

  • User and group administration

  • Linux service administration

LUM CONFIGURATION

Although LUM is usable immediately after installation, it is a good idea to check the default LUM configuration prior to creating LUM users. The following steps describe checking the LUM configuration:

1. Launch iManager. In the Navigation frame, open the Linux User Management group and select Modify Linux/Unix Config Object (see Figure 8.11).

Figure 8.11. Modifying the Linux Config Object.

2. Locate the default UNIX Config object using the object selector. This object can be found in the same context as your server object. Click OK.

3. On the PosixConfigPage under the LinuxProfile tab, check the configured information and click OK. The default values are normally sufficient, but if necessary, the following fields may be changed:

  • Linux Workstation Contexts: Enter the context or contexts where Linux Workstation objects should be located within the tree. When you use namconfig to add additional workstations to the tree, additional contexts will be automatically added.

  • uam Posix GID/UID Number Start: Enter the first available number for Linux GID and UID numbers in these fields.

  • uam Posix GID/UID Number End: Enter the last available Linux GID and UID numbers in these fields.

  • uam Posix GID/UID Number Last Assigned: These fields contain the last GID and UID numbers assigned by LUM. Only change this field if you intend to skip a number range.

  • uam Posix GID/UID Number Reuse: Check these options if you would like to reuse GID and UID numbers that belong to deleted users and groups.

    WARNING

    Reusing GID and UID numbers that were previously assigned to deleted users allows the new user or group to assume the Linux filesystem rights assigned to the previous user or group. Use this option only if you are familiar with Linux permissions and understand this risk.

  • uam Posix GID/UID Number Deleted Map: These fields track the GID and UID of deleted users and groups. Normally, these fields should not be modified manually.
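
The risk named in the warning above can be measured before the reuse options are checked: any file still owned by a numeric ID that no longer resolves to an account is a file that a reused UID or GID would inherit. The following Python script is an added example, not part of the original book; its function names are illustrative, and it assumes it runs on the LUM-enabled server so that lookups pass through the same Name Services configuration the server uses.

```python
import grp
import os
import pwd


def uid_resolves(uid):
    """True if Name Services (local files or LUM) map this UID to an account."""
    try:
        pwd.getpwuid(uid)
        return True
    except KeyError:
        return False


def gid_resolves(gid):
    """True if Name Services map this GID to a group."""
    try:
        grp.getgrgid(gid)
        return True
    except KeyError:
        return False


def find_orphaned(root, uid_ok=uid_resolves, gid_ok=gid_resolves):
    """Return {"uid": {id: [paths]}, "gid": {id: [paths]}} for everything under
    `root` whose numeric owner or group no longer resolves to a name."""
    orphans = {"uid": {}, "gid": {}}
    verdict = {}  # (kind, id) -> bool, so each ID costs one lookup

    def resolves(kind, ident, check):
        if (kind, ident) not in verdict:
            verdict[(kind, ident)] = check(ident)
        return verdict[(kind, ident)]

    def inspect(path):
        try:
            st = os.lstat(path)  # lstat: judge a symlink itself, never its target
        except OSError:
            return  # removed or unreadable while scanning
        if not resolves("uid", st.st_uid, uid_ok):
            orphans["uid"].setdefault(st.st_uid, []).append(path)
        if not resolves("gid", st.st_gid, gid_ok):
            orphans["gid"].setdefault(st.st_gid, []).append(path)

    inspect(root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            inspect(os.path.join(dirpath, name))
    return orphans


def safe_to_enable_reuse(orphans):
    """True when the scanned tree holds nothing a reused ID could inherit."""
    return not orphans["uid"] and not orphans["gid"]


if __name__ == "__main__":
    import sys
    found = find_orphaned(sys.argv[1] if len(sys.argv) > 1 else "/home")
    for kind in ("uid", "gid"):
        for ident, paths in sorted(found[kind].items()):
            print("%s %d has no account but owns %d path(s), e.g. %s"
                  % (kind, ident, len(paths), paths[0]))
    print("safe to enable reuse:", safe_to_enable_reuse(found))
```

Run it only while namcd and the LDAP connection to eDirectory are healthy; if lookups are failing, files owned by live LUM users are reported as orphaned as well.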

In addition to iManager-based configuration, there are some configuration options that you may want to set on the OES machine itself. One important option concerns the configuration of the NAM Cache Daemon (namcd).

As explained earlier, the NAM Cache Daemon caches user and group lookups from eDirectory. By default this daemon uses a persistent cache that will be immediately available upon server restarts. For most implementations this is the desired behavior and will produce optimal performance. However, if you would like to use a nonpersistent cache, or modify the cache refresh or size settings, the configuration of namcd must be manually modified.

The configuration file for NAM is /etc/nam.conf. Within this configuration file, there are settings that determine the behavior of namcd. The primary settings regarding the namcd cache are as follows (see the nam.conf man page for more information):

  • enable-persistent-cache=YES: Determines whether the namcd cache is maintained on the local server and kept persistent across server reboots. Valid values are "yes" or "no."

  • persistent-cache-refresh-period=28800: Specifies the interval (in seconds) in which cached users and groups are refreshed from eDirectory. A longer interval reduces network traffic but can produce stale data. Valid settings range from 1 to 2147483647 seconds.

  • persistent-cache-refresh-flag=all: Determines whether all user and group data is refreshed during a cache refresh, or just accounts that have been accessed during the current session. Valid values are "all" or "accessed."

NOTE

Do not confuse namcd (NAM Cache Daemon) with nscd (Name Service Cache Daemon). With LUM, namcd and nscd work together. The nscd daemon is used to cache hostnames and addresses. The namcd daemon specifically caches user and group names and IDs from eDirectory. Using namcd, performance of subsequent lookups of cached users and groups is significantly improved.


USER AND GROUP ADMINISTRATION

eDirectory users do not automatically have the attributes required for LUM authentication. In order for the user to be a valid LUM user, these attributes must either be added during the initial user creation from within iManager, or added after the fact by converting the existing user to a LUM user. Assigning the LUM attributes to users during user creation has already been described in the User Object section at the beginning of this chapter. The following steps describe how to convert an existing user to a valid LUM user.

1. Launch iManager. In the Navigation frame, open the Linux User Management group and select Enable User for LUM.

2. Locate the desired user object using the object selector or object history. Click OK.

3. To enable the user for LUM or Samba, the following fields must be filled out:

  • Primary Group (Required): Enter the primary LUM group for the user. All Linux users must be associated with a Linux group. By default, a Linux group called lumgroup is created for this purpose.

  • Enable Samba Authentication: If this user will also be accessing server resources via Samba, select the check box to enable Samba Authentication. The user's Samba password must also be manually entered into the appropriate fields.

NOTE

Enabling a user for LUM during initial user creation will automatically enter the user's password into the Samba password fields. Converting a user after creation may result in non-synchronized passwords if the Samba password entered does not match the eDirectory password.

4. Click OK to save the modifications.

NOTE

Existing Linux implementations may want to migrate users directly from local, NIS, or NIS+ accounts. For information on this process, please see the man page for the unix2edir utility.


Linux requires every user to have a primary group associated with the user. LUM must also require a primary LUM group for users within eDirectory. As with user objects, eDirectory groups do not automatically have the attributes required for valid LUM groups. In order for the group to be a valid LUM group, these attributes must either be added during the initial group creation from within iManager, or added after the fact by converting the existing group to a LUM group. Assigning the LUM attributes to groups during group creation has already been described in the Group Object section at the beginning of this chapter. The following steps describe how to convert an existing group to a valid LUM group.

1. Launch iManager. In the Navigation frame, open the Linux User Management group and select Enable Group for LUM.

2. Locate the desired group object using the object selector or object history. Click OK.

3. To enable the group for LUM, one of the following options must be selected and filled out:

  • Linux Config Object: To associate the group with all defined Linux Workstations within the LUM domain, select this radio button and enter the Linux Config object in the corresponding field.

  • Linux Workstation Object(s): To associate the group with one or more specific Linux Workstations, select this radio button and enter the group or groups in the corresponding field.

4. Click OK to save the modifications.

LINUX SERVICE ADMINISTRATION

During the installation of LUM, you can determine which PAM-aware services you would like LUM-enabled. Services available for selection are listed in Table 8.4.

Table 8.4. PAM-Aware Services Available for Integration with LUM

SERVICE     DESCRIPTION
login       Local authentications via programs such as mingetty.
ftp         File Transfer Protocol connections to programs such as vsftpd.
sshd        Secure Shell connections made to sshd.
su          Switched User authentications.
rsh         Remote command execution sessions with rsh.
rlogin      Remote shell sessions made with rlogin (not as secure as SSH).
passwd      Password changes made with the passwd command.
xdm         Graphical authentication used with local and remote graphical sessions.
openwbem    Authentication to openwbem providers on the local server. This is used for Health Monitoring within OES.


If these services were not configured during installation, you can use the YaST module for LUM to LUM-enable these services later. The following steps document this process:

1. On the OES server, launch YaST.

2. Select the Users and Security category, and then locate the Linux User Mgmt module. Click on this module to execute it.

NOTE

You may receive a warning about LUM already being configured on the OES server. Selecting "Yes" will cause the LUM components to be reinstalled and configuration can continue.

3. Ensure that the LDAP configuration for LUM is correct. Then enter the administrator's password in the appropriate field and click Next.

4. Ensure that the Linux User Management contexts for the Linux Config object and Linux Workstations are correct. If an LDAP proxy is desired, enter the required information and then click Next.

5. Select the PAM-enabled services you would like integrated with LUM. Selected services will now attempt to authenticate users via LUM prior to authenticating against the local account files. Click Next to complete the installation.

SECURING LUM

When you're using LUM, users can be authenticated to eDirectory using a secure or nonsecure LDAP connection. To increase security, it is a good idea to always use a secure LDAP connection. This is the default configuration of OES, but adding additional servers or workstations to the LUM domain will require a manual configuration. This process can also be followed on the current OES server to reconfigure LUM if configuration errors are encountered.

To enable secure LDAP connections with LUM, or to add an additional server or workstation to your LUM domain, execute the following command:

namconfig add -a <admin name and context> -r <Linux Config context> -w <Server/workstation context> -S <Server DNS or IP Address>:389 -l 636

After determining the appropriate values for the admin name and context, Linux Config context, and server or workstation context, the command should look more like the following:

namconfig add -a cn=admin,o=novell -r ou=lum,o=novell -w ou=ws,ou=nam,o=novell -S OESSERVER1:389 -l 636

The namconfig utility is used to configure NAM on Linux servers and workstations. This command configures the local server to communicate via SSL by modifying the /etc/nam.conf file and retrieving the server's SSL certificate from eDirectory. The server certificate is stored in the /var/nam directory as a hidden file named with the server name and a .der extension. If this certificate expires, it can be re-created using the following command:

 namconfig -k 

NOTE

For more information on namconfig, refer to the man page or to Novell's online documentation.


LUM COMMAND-LINE UTILITIES

The majority of LUM administration is performed through iManager. However, Linux administrators experienced with the command-line interface may find the command-line tools quicker than the browser-based interface of iManager.

Table 8.5 summarizes the command-line tools available for LUM administration on the OES machine.

Table 8.5. LUM Command-Line Utilities

UTILITY          DESCRIPTION
namconfig        This utility is used to add or remove LUM for a specified eDirectory context. This utility can also be used to adjust LUM configuration parameters and import the SSL certificate necessary for secure LDAP connections to eDirectory.
namuseradd       Creates a LUM user in eDirectory. Can also convert non-LUM eDirectory users to LUM users.
namuserdel       Used to delete a LUM user from eDirectory.
namuserlist      Used to connect and list valid LUM users from specified eDirectory contexts.
namusermod       Used to modify a LUM user's login information in eDirectory.
namgroupadd      Creates a LUM group in eDirectory. Can also convert non-LUM eDirectory groups to LUM groups.
namgroupdel      Used to delete a LUM group from eDirectory.
namgrouplist     Used to list valid LUM groups from eDirectory.
namgroupmod      Used to modify a LUM group's attributes in eDirectory.
unix2edir        Used to migrate local, NIS, or NIS+ accounts to eDirectory.
namutils.inp     Found in /var/nam, this configuration file is used to store default values for the various parameters of the nam utilities. This file is created upon running one of the nam utilities (except namuserlist and namgrouplist). After this file has been created, it can be modified to reduce the number of manually entered parameters required when using these utilities.
unix2edir.inp    Found in /var/nam, this configuration file is used to store default values for the various parameters of the unix2edir utility. This file is created upon running unix2edir. After this file has been created, it can be modified to reduce the number of manually entered parameters required when using this utility.


NOTE

More information on each of these utilities is available by accessing the man page for the respective utility.


AUTHENTICATION WITH LUM

With LUM configured, valid LUM users and groups created, and Linux services integrated into LUM, the authentication process a user goes through with LUM can finally be investigated.

LUM is specifically designed to take advantage of the Pluggable Authentication Module (PAM) infrastructure common with Linux servers. The primary benefit this offers is that all PAM-aware services have the potential to be integrated into eDirectory through LUM with relative ease. This section will describe the integration steps and processes of authentication with a PAM-aware service.

NOTE

It is possible to enable LDAP-aware services to integrate directly with eDirectory, but this configuration is specific to the application being integrated and beyond the scope of this book.


PAM INTEGRATION WITH LUM

As mentioned in the Login Process section of Chapter 3, "Working with SUSE Linux Enterprise Server 9," PAM utilizes a configuration file for every PAM-aware service. These files exist in the /etc/pam.d directory and are named after the respective service. The contents of these files are used to determine what modules are involved with the authentication process to ensure that the user is allowed access. As shown in Figure 8.12, the pam_nam module is used for all authentication services.

Figure 8.12. The pam_nam configuration used with the Login service.


The control flag used with these services is normally set to sufficient. This causes the authentication process to halt upon successfully retrieving authentication, account, and password information from the pam_nam module.

If pam_nam is unable to fulfill the request, the remainder of the configuration file is used. This allows local accounts to authenticate after checking for the requested account in eDirectory. It is important to ensure that the service configuration file allows for local authentication for root-level access for administrators.
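
The two conditions described above (pam_nam marked sufficient, and a local-account module left in place behind it so that root can still authenticate) can be checked mechanically for each service file. This Python checker is an added example, not taken from the book: it assumes the module file is named pam_nam.so and that local accounts are handled by pam_unix2.so or pam_unix.so, and both sample service files are constructed for illustration.

```python
import os

# Assumption: modules that authenticate against the local account files.
LOCAL_MODULES = {"pam_unix2.so", "pam_unix.so"}
# The three module types the text says pam_nam answers for.
CHECKED_TYPES = ("auth", "account", "password")

# Constructed sample: pam_nam is sufficient and local files remain as fallback.
GOOD_SSHD = """\
#%PAM-1.0
auth     required    pam_nologin.so
auth     sufficient  pam_nam.so
auth     required    pam_unix2.so
account  sufficient  pam_nam.so
account  required    pam_unix2.so
password sufficient  pam_nam.so
password required    pam_unix2.so
session  required    pam_unix2.so
"""

# Constructed sample: eDirectory is mandatory for auth, and two stacks end at pam_nam.
BAD_SSHD = """\
auth     required    pam_nam.so
account  sufficient  pam_nam.so
account  required    pam_unix2.so
password sufficient  pam_nam.so
"""


def parse_pam(text):
    """Return [(type, control, module)] for each rule in a /etc/pam.d service file."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 3:
            continue
        mtype = fields[0].lstrip("-").lower()
        if fields[1].startswith("["):
            # Bracketed control such as [success=ok default=bad] spans several tokens.
            end = next((i for i, f in enumerate(fields)
                        if i >= 1 and f.endswith("]")), None)
            if end is None or end + 1 >= len(fields):
                continue
            control, module = " ".join(fields[1:end + 1]), fields[end + 1]
        else:
            control, module = fields[1].lower(), fields[2]
        rules.append((mtype, control, os.path.basename(module)))
    return rules


def audit_pam_service(text, lum_module="pam_nam.so", local_modules=LOCAL_MODULES):
    """Return a list of (module_type, problem) tuples; an empty list means the
    file matches the layout described in the text."""
    findings = []
    rules = parse_pam(text)
    for mtype in CHECKED_TYPES:
        stack = [(c, m) for t, c, m in rules if t == mtype]
        hits = [i for i, (_, m) in enumerate(stack) if m == lum_module]
        if not hits:
            findings.append((mtype, "pam_nam not present; not LUM-enabled"))
            continue
        control = stack[hits[0]][0]
        if control != "sufficient":
            findings.append(
                (mtype, "pam_nam control is '%s', expected 'sufficient'" % control))
        if not any(m in local_modules for _, m in stack[hits[0] + 1:]):
            findings.append(
                (mtype, "no local-account module after pam_nam; no fallback for root"))
    return findings


if __name__ == "__main__":
    for name, sample in (("good", GOOD_SSHD), ("bad", BAD_SSHD)):
        print(name, audit_pam_service(sample) or "OK")
```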

The pam_nam module relies on the /etc/nam.conf configuration file. This file contains information regarding the IP address of the eDirectory server, what credentials to use when authenticating to that server, and where in the eDirectory tree to search for LUM users and groups.

NOTE

For more information regarding the nam.conf configuration file, refer to the man page, or Novell's online documentation.


NAME SERVICES WITH LUM

After authentication, the ability to look up user and group names in eDirectory is still required. The process of resolving user, group, machine, and other identities in Linux is known as Name Services. When using LUM, the Name Services configuration must be altered to also look up names in eDirectory.

The configuration file for Name Services is /etc/nsswitch.conf. The main purpose of this file is to list possible databases of names being queried and where information regarding those names can be located. With LUM, the information we are concerned about is resolution of user and group names.

User and group lookup configuration can be found on the "passwd" and "group" database entries within the nsswitch.conf file. When you're using LUM on the local server, these two entries should contain the following configuration:

 passwd: compat nam
 group:  compat nam

This configuration causes the Name Service lookup to initially query the local files (using the default compatibility mode), and then query for names and groups using the libnss_nam library. This library uses LDAP to query eDirectory for user and group names. After being resolved, the names and IDs are cached by the NAM Cache Daemon (namcd) to reduce lookup time for subsequent requests.

One example of where this lookup is performed is when performing a file listing using the ls command. The ls command uses Name Services to translate the file and group owner IDs to usable names rather than the actual ID numbers. If the lookup is not successful, IDs rather than names will be displayed, and accurate permissions enforcement may be compromised.

Default installations of LUM should have this configuration performed automatically. However, if additional servers or workstations are added to the LUM domain outside of an OES installation, after adding the machine using namconfig, the nsswitch.conf file must be manually configured as in the preceding example in order for name lookups to be successful.
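
A machine joined with namconfig but left with its stock nsswitch.conf is the failure mode described above, and it is easy to test for. The following Python check is an added example, not from the book; it treats "files" as an acceptable local source alongside "compat" (an assumption), and the sample file contents are constructed.

```python
import re

# Assumption: either of these counts as the local-files source.
LOCAL_SOURCES = ("compat", "files")

# Constructed sample: joined with namconfig, nsswitch.conf never edited.
AFTER_NAMCONFIG_ONLY = """\
passwd: compat
group:  compat
hosts:  files dns
"""

# Constructed sample: the configuration the text calls for.
LUM_READY = """\
passwd: compat nam
group:  compat nam   # LUM lookups after local files
hosts:  files dns
"""


def nss_sources(text, database):
    """Ordered lookup sources for one nsswitch.conf database, or None if the
    database has no entry. Comments are dropped; [STATUS=action] items are
    stripped, not evaluated."""
    for raw in text.splitlines():
        name, sep, rest = raw.split("#", 1)[0].partition(":")
        if sep and name.strip() == database:
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return None


def check_lum_nss(text):
    """Map 'passwd' and 'group' to 'ok' or to a description of the problem."""
    report = {}
    for db in ("passwd", "group"):
        sources = nss_sources(text, db)
        if sources is None:
            report[db] = "no entry for this database"
            continue
        if "nam" not in sources:
            report[db] = "nam missing: LUM names will not resolve"
            continue
        local = [s for s in sources if s in LOCAL_SOURCES]
        if not local:
            report[db] = "no local source: local accounts will not resolve"
        elif sources.index("nam") < sources.index(local[0]):
            report[db] = "nam listed before local files"
        else:
            report[db] = "ok"
    return report


if __name__ == "__main__":
    for label, sample in (("after namconfig only", AFTER_NAMCONFIG_ONLY),
                          ("LUM ready", LUM_READY)):
        print(label, check_lum_nss(sample))
```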

Samba User Management

The Samba program suite provides access to local resources through the Microsoft SMB/CIFS protocol. This effectively allows Windows, Linux, and other operating systems to connect to those resources as though they were residing on a Windows-based computer. To do this, Samba must use an authentication method that is compatible with Windows authentication. Samba provides this authentication through a local store of Samba users, in addition to those same users being stored as local Linux accounts. Although this default configuration does work, it can result in unsynchronized passwords, and an environment that is difficult to maintain. OES Linux resolves this situation by leveraging the LUM infrastructure to provide Samba authentication as well.

Samba User Management requires the LUM component to be fully operational. All Samba users must first be valid LUM users. It is a good idea to fully test LUM using local logins prior to beginning Samba configuration.

NOTE

With OES, a user's Samba password is stored as two specific attributes of each Samba user. This password can only be synchronized when users change their password from within Virtual Office. If you expect users to change their password from other utilities, you must enable the Universal Password component of NMAS.

When Universal Password is enabled, the Universal Password is used in place of the Samba password during user authentication. This ensures a single user password across all authentication methods, including Samba, and synchronization is not an issue.

For more information on Universal Password, see the "Universal Password" section earlier in this chapter.


SAMBA COMPONENTS

The Samba suite that comes with OES is the same version of Samba that is available through other Linux distributions, such as SLES 9, with one notable exception. In order to integrate with LUM, the OES version of Samba has been compiled using the --with-ldapsam and --with-ssl switches. These switches are necessary to leverage the LDAP storage of user accounts, and to provide secure access to those accounts.

In order to access LDAP directories, Samba also relies on the OpenLDAP client libraries. These libraries are libldap.so and libldap_r.so. The default configuration of the OpenLDAP client is to provide a connection to eDirectory through a secure (SSL) LDAP session.

SAMBA INSTALLATION

The installation of Samba is normally performed during the main OES installation. If Samba was not selected during installation, follow these steps to add Samba to your OES server.

1. On the OES server, launch YaST.

2. Select the Software category, and then click on the Install and Remove Software module.

3. Ensure that the Filter is set to Selections, and then select Novell Samba Configuration in the Selections window. Click Accept to complete the installation. (You may be prompted to install additional software to satisfy software dependencies. If so, select Continue to finish the installation.)

4. After the Samba packages are installed, the Samba configuration must be completed. Ensure that the LDAP configuration for Samba is correct. Then enter the administrator's password in the appropriate field and click Next.

5. Ensure that the Novell Samba Configuration is accurate, including the LDAP server host, base context for Samba users, eDirectory tree name, and the proxy user and password for the LDAP queries. When the configuration is complete, click Next.

SAMBA ADMINISTRATION

Administration of Samba services within OES can be divided into the following three basic categories:

  • General Samba configuration

  • Samba user administration

  • Samba resource administration

GENERAL SAMBA CONFIGURATION

The main configuration file for Samba is /etc/samba/smb.conf. This file contains the necessary information for Samba to connect to eDirectory. The following list contains a few of the parameters required for Samba integration with LUM:

  • passdb backend: This field contains the connection information to the eDirectory server.

  • ldap admin dn: The eDirectory administrator's name and context, in LDAP format, must be specified with this parameter.

  • ldap suffix: This field contains the LDAP search base context to be used when locating Samba users. This is normally the same context where the Linux Config object can be found.

  • ldap passwd sync: This option determines whether the Samba password should be synchronized via LDAP. This should be set to on with OES.

  • security: This field should be set to user with OES. This ensures that a valid username and password combination is required, prior to the user gaining access to Samba shares.

  • encrypt passwords: This option configures the server to recognize the encrypted passwords used with OES.

  • netbios name: This option configures the NetBIOS name the Samba server will be known as. OES appends -W to the host name for this entry. This is required to prevent a conflict with the NCP server name.

SAMBA USER ADMINISTRATION

As mentioned, Samba users are simply LUM users with an additional set of attributes associated with each user. During user creation within iManager, you are automatically prompted to convert the new user to both a LUM and Samba user. If user conversion is done at this time, the user's Samba password field will be automatically filled in with the new user's password. If the user is not converted at this time, the user will have to be manually converted later and the password must be re-entered manually.

Normal users cannot be converted directly to Samba users without also being converted to LUM users. For information on this process, refer to the LUM user section earlier in this chapter.

If you have a LUM user who was not designated as a Samba user, the LUM user must be manually converted to a Samba user through the following steps:

1. Launch iManager. In the Navigation frame, open the Linux User Management group and select Enable LUM User for Samba.

2. Locate the desired user object using the object selector or object history. Click OK.

3. To enable the user for Samba, the user's Samba password must be entered and confirmed. After entering the password, click OK to convert the user.

When this process has been completed, the user is now a valid Samba user and can access any Samba resources configured on the server.

SAMBA RESOURCE ADMINISTRATION

Samba resources include such things as local files and printers. With OES, iPrint is the recommended method of printer sharing as the iPrint solution is much more complete than printer sharing under Samba.

File sharing with Windows users can be accomplished through either Samba or using the Novell Client to access NCP server resources. The NCP server provides a more complete filesystem permission structure than Samba, and NCP-based permissions are fully integrated with eDirectory. However, Samba shares are a commonly used method of sharing files and may be the best option based on your requirements.

Configuring Samba file shares with OES is identical to configuring shares without OES. The YaST administration tool provides access to a Samba server configuration module. This module should be used to configure all Samba shares. The following steps document this process:

1. On the OES server, launch YaST.

2. Select the Network Service category and then click on the Samba Server module. At this point, you may be prompted to install the samba-winbind package. If so, select OK to install the required package and continue.

3. Select the Shares tab and click Add to configure a new share. In the subsequent dialog, provide the following information and click OK:

  • Share Name: Enter a name clients will use to access the shared directory.

  • Share Description: Enter a description for the new share. This description will be available to clients when they attempt to access the share.

  • Share Type: Select Directory as the share type, and then enter the local directory you want to share.

4. Select Finish to save the Samba configuration and restart the Samba service to enable the new share.

NOTE

Samba can be quite complex. For more information regarding the many options for configuring Samba resources, refer to the main Samba documentation found at http://www.samba.org.




    Novell Open Enterprise Server Administrator's Handbook, SUSE LINUX Edition
    ISBN: 067232749X
    EAN: 2147483647
    Year: 2005
    Pages: 178
