Then you don’t understand how it works with local auth services.
Comment on LDAP to UNIX user proxy
kevincox@lemmy.ml 2 months agoYet another service to maintain. If the server is crashing you can’t log in, so you need backup UNIX users anyways.
just_another_person@lemmy.world 2 months ago
cybersandwich@lemmy.world 2 months ago
Would you mind educating us plebs then? I had a similar question to op, and I can assure you, I definitely don’t understand local auth services the way I probably should.
just_another_person@lemmy.world 2 months ago
Your local auth services are configured to use LDAP as a source, whatever your local auth mechanism is checks credentials, and then you’re auth’d or not. Some distros have easy to use interfaces to configure this, some don’t, but mostly it’s just configuring pam.d (for Linux), and a caching daemon of some sort to keep locally cached copies of the shadow info so you can auth when the LDAP server can’t be contacted (if you’ve previously authenticated once). You can set up many different authentication sources and backends as well, and set their preferences, restrictions, options…etc.
RHEL/Fedora examples: www.redhat.com/sysadmin/pam-authconfig
Debian examples: wiki.debian.org/LDAP/PAM
BearOfaTime@lemm.ee 2 months ago
You need backup local admin accounts, not Backups for each user.
Which is how enterprise does things. There are local accounts with root access, but the id’s and passwords are tightly controlled.