About Service Access on OES 2
Novell Linux User Management (LUM) lets you use eDirectory to centrally manage remote users
for access to one or more OES 2 servers.
In other words, LUM lets eDirectory users function as local (POSIX) users on an OES 2 server.
Access is enabled by leveraging the Linux Pluggable Authentication Module (PAM) architecture.
PAM makes it possible for eDirectory users to authenticate with the OES 2 server through LDAP.
In OES, the terms LUM-enabling and Linux-enabling are both used to describe the process that adds
standard Linux (POSIX) attributes and values to eDirectory users and groups, thus enabling them to
function as POSIX users and groups on the server.
You can use iManager to enable eDirectory users for Linux. For instructions, see "About Enabling
eDirectory Users for Linux Access" on page 156.
Services in OES 2 That Require LUM-Enabled Access
Some services on an OES 2 server require that eDirectory users be LUM-enabled:
Novell Samba (CIFS) Shares on the Server: Windows workgroup users who need access to
Samba shares defined on the server must be LUM-enabled eDirectory users who are configured
to access the server. This is because Samba requires POSIX identification for access.
By extension, NetStorage users who need access to Samba (CIFS) Storage Location objects
that point to the server must also be LUM-enabled eDirectory users with access to the server.
NOTE: Although Samba users must be enabled for LUM, Samba is not a PAM-enabled
service. Logging in to the OES 2 server through Samba does not create a home directory.
Core Linux Utilities Enabled for LUM: These are the core utilities and other shell
commands that you can specify during the OES install to be enabled for authentication through
eDirectory LDAP. In Linux, these are known as PAM-enabled utilities.
IMPORTANT: Before you accept the default PAM-enabled service settings, be sure you
understand the security implications explained in Section 21.2.2, "User Restrictions: Some
OES 2 Limitations," on page 221.
The core utilities available for LUM-enablement are summarized in Table 15-2.

Table 15-2 PAM-enabled Services Controlled by LUM

| Command | Where Executed | Task |
|---|---|---|
| ftp | Another host | Transfer files to and from the OES 2 server which, in this case, is a remote host. |
| login | OES 2 server; SSH session with OES 2 server | Log in to the OES 2 server, either directly or in an SSH session with the server. |
| openwbem | Local host | Required for iPrint, NSS, SMS, Novell Remote Manager, and iManager. |

152 OES 2 SP2: Planning and Implementation Guide
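
An added example, not part of the Novell guide: one way to check which PAM service files on a server actually route authentication through LUM, as a review step before accepting the default PAM-enabled service settings. It assumes LUM's PAM module is named pam_nam.so and that shared include fragments are named common-*; neither name appears on this page, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

LUM_MODULE = "pam_nam.so"  # assumption: LUM's PAM module name (not given on this page)
INCLUDE = re.compile(r"^(?:@include\s+(\S+)|\S+\s+(?:include|substack)\s+(\S+))")

def uses_lum(pam_dir, service, seen=None):
    """True if the service's stack, or a file it includes, references LUM_MODULE."""
    seen = set() if seen is None else seen
    path = Path(pam_dir) / service
    if service in seen or not path.is_file():
        return False
    seen.add(service)
    for raw in path.read_text().splitlines():
        line = raw.split("#", 1)[0].strip()  # commented-out entries do not count
        m = INCLUDE.match(line)
        if m and uses_lum(pam_dir, m.group(1) or m.group(2), seen):
            return True
        if any(tok.rsplit("/", 1)[-1] == LUM_MODULE for tok in line.split()):
            return True
    return False

def audit(pam_dir, intended):
    """Return (unexpected, missing) service names versus the intended LUM set."""
    enabled = {p.name for p in Path(pam_dir).iterdir()
               if p.is_file() and not p.name.startswith("common-")  # skip shared fragments
               and uses_lum(pam_dir, p.name)}
    return sorted(enabled - set(intended)), sorted(set(intended) - enabled)

# Constructed sample files standing in for /etc/pam.d on a server.
SAMPLE = {
    "login": "auth sufficient pam_nam.so\nauth required pam_unix2.so\n",
    "ftp": "auth sufficient /lib/security/pam_nam.so\nauth required pam_unix2.so\n",
    "openwbem": "# auth sufficient pam_nam.so\nauth required pam_unix2.so\n",
    "sshd": "auth include common-auth\n",
    "common-auth": "auth sufficient pam_nam.so\nauth required pam_unix2.so\n",
    "su": "auth required pam_unix2.so\n",
}

def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, text in SAMPLE.items():
            (Path(d) / name).write_text(text)
        return audit(d, intended={"login", "openwbem"})

if __name__ == "__main__":
    unexpected, missing = demo()
    print("LUM-enabled but not intended:", unexpected)
    print("intended but not LUM-enabled:", missing)
```

On a real server, call audit() with the PAM configuration directory and the set of services you chose to LUM-enable; a service that appears as unexpected accepts eDirectory logins you did not plan for.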