sunhux
asked on
recommend secure & efficient Unix LDAP (equiv of Windows AD)
UNIX ID Management/Administration is one of the most tedious jobs, since we have to log in interactively to each of the servers when there is a request to create/delete a sysadmin (or apps support) user in the hundreds of Unix servers.
We have AIX, Sparc Solaris 10 & 11 & a few Solaris Intel & a few RHEL: almost all of them are physical, i.e. non-VM.
Our compliance privileged user management & access tool is CyberArk (ie sysadmins have to go thru it)
A few options:
a) have a centralized tool like HPSA or Nagios with which we could centrally send a "useradd" or "userdel" command
to the servers: but this is not as good as a Wintel AD-like solution because accounts are still locally created
& every 60-90 days the owners have to log in manually to change the password.
Also, in Solaris, root accounts that expire will cause root cron jobs to fail
b) years ago I heard of Sun's NIS+ solution, but this can't be used with AIX & RHEL, or can it?
c) the solution must not have an adverse impact on, or be unwieldy for, apps like Oracle DB, Oracle Financials,
TripWire, Netbackup
ASKER
Can oracle, tripwire & Netbackup accounts be migrated from local accounts
to NIS accounts without the need to reinstall these apps?
ASKER
I'm referring to OS accounts (eg: oracle that could be found in /etc/passwd)
Internally, some parties prefer to use a Wintel solution; is there any product that
runs on Wintel that could perform such UNIX LDAP for AIX, Solaris & RHEL?
ASKER
such as allowing us to change root password centrally?