12.07.2015 Views

Red Hat Enterprise Linux 5 Administration Unleashed



CHAPTER 12

Identity Management

Managing user accounts, including passwords, on individual systems does not scale well when an administrator must maintain hundreds or thousands of users on hundreds or thousands of systems, often around the world. Many services are available for Red Hat Enterprise Linux to allow users to authenticate from a central, remote server, which can also store user information that can be retrieved from client systems.

IN THIS CHAPTER

  • Understanding PAM
  • Enabling NIS
  • Enabling LDAP
  • Enabling Kerberos
  • Enabling SMB or Winbind Authentication
  • Enabling with Authentication Tool

Some of the advantages of using a network service for user information and authentication include only having to back up this data from one system, updating the information on the server updates the information for all clients, and implementing higher security on the server containing user information.

If local authentication is what you require, refer to Chapter 9, “Managing Users and Groups,” for details. Even if you are not using local users and groups, it is recommended that you read the “What Are Users and Groups” section for a description of Linux users and groups and the “Best Practices” section of Chapter 9 for suggested methods for establishing username conventions, setting password expiration, selecting secure passwords, deleting accounts, and structuring home directories.

Red Hat Enterprise Linux includes many network services for remote identity management. This chapter discusses the NIS, LDAP, Kerberos, Hesiod, SMB, and Winbind authentication services.

Understanding PAM

PAM, or Pluggable Authentication Modules, is an authentication layer that allows programs to be written independent of a specific authentication scheme. Applications request authentication via the PAM library, and the PAM library determines
