Domainless Groups

Normally in AIX Security, the groups of an AIX user should only reside in the same type of registry that the user is found in.  In other words, if a user is an LDAP user, his groups should only be found in the LDAP registry.  An LDAP user’s groups list shouldn’t refer to any groups that correspond to the local group registry found in /etc/group.

However, this new Domainless Group feature will allow a user’s groups value to contain groups that reside in different types of registries, so an LDAP user could have LDAP-based groups and local, files-based, groups.

It is my opinion that this feature should be released in the next major AIX Technology level release in 4Q 2013.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: