it() loginshell - Full path to the prefered Unix login shell. e.g. file(/bin/bash)
it() emailforward - Destination email address.
it() userpassword - Encrypted version of the password. [root]
+ it() sshrsaauthkey - SSH RSA public authentication key.
it() supplementarygid - A list of group names that the user belongs.
This field emulates the functionality of the traditional Unix group
file. [root]
+ it() dnszoneentry - A list of zone file fragments that are placed in
+ the zone file for debian.net. [root]
+ it() allowedhosts - Permits access to hosts outside of the group list. [root]
it() onvacation - A message indicating that the user is on vacation. The
time of departure and expected return date should be included as
well as any special instructions.
it() comment - Administrative comment about the account. [root]
it() labeledurl - User's web site.
+ it() privatesub - Debian-Private subscription
+ it() icquin - ICQ User Number
)
When prompted for a password it is possible to enter a blank password and
[postalcode, postal address, lat/long] telephone numbers, and the vacation
message.
-Admin-only/maintainer-only information includes email forwarding and the
-encrypted password. Note that email forwarding is necessarily publicly viewable
-from accounts on the actual machines.
+Admin-only/user-only information includes email forwarding, ssh keys and
+the encrypted password. Note that email forwarding is necessarily publicly
+viewable from accounts on the actual machines.
manpagesection(LAT/LONG POSITION)
There are three possible formats for giving position information and several
it() Australian Database http://www.environment.gov.au/database/MAN200R.html
it() Canadian Database http://GeoNames.NRCan.gc.ca/
it() Atlas of the World, indexed by city http://www.astro.com/atlas/
+ it() Xerox PARC Map Viewer http://mapweb.parc.xerox.com/map
it() GNU Timezone database, organized partially by country /usr/share/zoneinfo/zone.tab
)
graph and looking for people to sign keys, not for coordinates accurate
enough to land an ICBM on your doorstop!
-manpagesection(Editing Supplemental GIDs)
+manpagesection(EDITING SUPPLEMENTAL GIDS)
When the root function is activated then the supplemental GIDs can be
manipulated as a list of items. It is possible to add and remove items from
-the list by name. Proper prompts are given.
+the list by name. Proper prompts are given. A similar editing function is
+made available for the host acl list.
+
+manpagesection(ENCRYPTION PUBLIC KEYS)
+The directory associates two types of public encryption keys with the user,
+a PGP key fingerprint and a SSH RSA authentication key. It is not possible for
+a user to change their associated key fingerprint, that can only be done by
+the keyring maintainers after performing reasonable verification of the new
+key. Who ever controls the PGP key can make any modification to the LDAP
+account by using the PGP mail gateways.
+
+SSH RSA authentication keys are used by the SSH protocol to authenticate a
+user based on a cryptographic challenge. These keys pairs are created by the
+ssh-keygen program. The public version that is stored in the directory is
+generally placed in a file called identity.pub. SSH RSA authentication keys
+are password equivelents, whoever has the private half of the key can use it
+to login to any machine, but not affect changes to the LDAP entry. SSH
+authentication keys are kept private.
+
+manpagesection(NOTES)
+To lock out an account take the password and prepend *LK* before the hash
+and after the {crypt} this is understood by ssh, shadow and the mailgateway to
+indicate a disabled account. No manipulations what so ever will be permitted.
manpageoptions()
startdit()
projects / mirror / userdir-ldap.git / blobdiff