The ID mapping module consists of two routines that map remote users into local identities, plus a database from which the routines retrieve the relevant mapping information. The ID mapping database includes two types of map files. One type contains entries that map user logins; the other contains entries that map the values of user attributes, such as user IDs (UIDs) and group IDs (GIDs).
When a remote user attempts to access a service on your system, the port monitor receives the connection request. It uses an authentication scheme to validate the user; the scheme then calls the ID mapping routines. One routine checks the login maps associated with the ID mapping scheme, then maps the user to a login on the local system. The other routine checks the local system's attribute maps, then maps the values of user attributes on the remote system to the specified local values.
Both login mapping and attribute mapping are provided as part of a general mapping facility. Some applications may require that users be mapped both by login and by attribute; other applications may require that they be mapped only by attribute. Typically, however, users are mapped only by login. In that case, the administrator controls a remote user's local environment by associating attributes with the user's login in the local system's /etc/passwd file (see passwd(4)).
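A minimal model of the two mapping routines described above, as an added example rather than the system's own code. The in-memory map layout, system names, logins and ID values are constructed for illustration and are not the real map-file format; only the passwd(4) field layout is real, and refusing unmapped users is an assumption of this sketch.

```python
from typing import NamedTuple, Optional

# Constructed login map: (remote system, remote login) -> local login.
# Hypothetical layout, not the real map-file format.
LOGIN_MAP = {
    ("hosta", "jsmith"): "jsmith",
    ("hosta", "root"): "guest",  # remote root is given an ordinary local login
}

# Constructed attribute maps: attribute -> {(remote system, remote value): local value}.
ATTR_MAP = {
    "UID": {("hosta", "1207"): "204"},
    "GID": {("hosta", "50"): "100"},
}

# Constructed entries in passwd(4) layout: name:passwd:uid:gid:comment:home:shell
PASSWD = """\
jsmith:x:204:100:J Smith:/home/jsmith:/usr/bin/sh
guest:x:999:999:Guest:/home/guest:/usr/bin/sh
"""


class LocalIdentity(NamedTuple):
    login: str
    uid: int
    gid: int
    home: str
    shell: str


def passwd_lookup(login: str, passwd_text: str = PASSWD) -> Optional[LocalIdentity]:
    """Return the local environment recorded for a login, or None if absent."""
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) == 7 and f[0] == login:
            return LocalIdentity(f[0], int(f[2]), int(f[3]), f[5], f[6])
    return None


def map_login(system: str, remote_login: str) -> Optional[LocalIdentity]:
    """Login mapping: the local login's passwd entry decides the environment."""
    local_login = LOGIN_MAP.get((system, remote_login))
    if local_login is None:
        return None  # assumption: no map entry means no local identity
    return passwd_lookup(local_login)


def map_attr(system: str, attr: str, remote_value: str) -> Optional[str]:
    """Attribute mapping: translate one remote attribute value to a local value."""
    return ATTR_MAP.get(attr, {}).get((system, remote_value))
```

With login mapping, changing what a remote user can do locally is a matter of editing the map entry or the mapped login's passwd entry; with attribute mapping, each attribute value is translated on its own.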
ID mapping administration entails setting up and maintaining the ID mapping database. Before you set up the database, it is assumed that you have already installed the authentication schemes you intend to use.
We recommend you administer your system in the following sequence:
You administer the ID mapping database using the ID mapping commands.