    I'm on the third week of wrestling with pam_tally, cracklib, pam,
and LDAP. It started out so simple...

    A local debt collection company wanted to dump their Windows boxes,
which only telnet to an RHEL3 machine where they do their actual work.
12 machines were to lose Windows and just about everything in the office
was going to be Linux; this far from the larger towns, this was going to
be quite a big deal.  Here, Linux is barely a rumor.

    At home I share /home and /shares (multimedia partition) and use
LDAP to handle authentication. I manage the LDAP stuff with
phpldapadmin, since I change users every few years.  :)

    One problem is there are no user-friendly user-management programs to
hand an office manager. Computing for people, don'tcha know.  DirAdmin
is close, but had a bug or two that caused grief. And, too, there was
never a "this is how you generally populate the server to get it to get
along" document.  Worse yet, it's a dying project.

    But even if LDAP was a breeze, the bank this company deals with
requires a "three-strikes" login protocol. Sure, all mechanical methods
to access their system use RSA keys, but they want workstations to lock
the account on the third failed login.  This is where I've spent the
lion's share of the time - there are lots of opinions via Google, but in
10-15 re-installs on a test box, I can't seem to find ONE of these
setups in which it actually *works*.

    1. Is LDAP on Ubuntu ever going to be simpler for office-mortals?

    2. Has anyone gotten pam_tally to work, especially with "failed
login" files sitting on NFS?

    I'd sure love to hear anything you've got, 'cause I'm up a tree here.

