Unify Unix and NT accounts with kerberos
Kurpas Ban
kurpasban at yahoo.com
Mon May 26 11:42:14 EDT 2003
It's EASY
http://www.sco.com/products/authentication
digant at uta.edu (Digant Kasundra) wrote in message news:<BB48F73042D29D41A033A684D5FBB98405DCBA7F at exchange.uta.edu>...
> At University of Texas at Arlington, we're still working on a similar task
> to provide a single username and password to students on all 4 of our
> platforms (Windows, Linux, Tru64, and Solaris).
>
> So far, we have done testing with Kerberos and LDAP to authenticate Unix
> users against Active Directory. The results have been okay, but not
> acceptable.
>
> Speaking of Kerberos specifically, we tested with Linux against Active
> Directory and were able to authenticate users without a problem. But, for
> instance, if the person's password had expired, the pam_krb5 module was
> unable to recognize this during the accounting part (it would recognize it
> during the authentication part but based on PAM standards, asking a user to
> change their password should be done in the accounting part).
>
> But for the normal case where a user has an account on a Unix system and a
> username and password stored in Active Directory (that isn't expired, or
> locked, or anything else weird), pam_krb5 works like a charm to authenticate
> the user using Kerberos v5.
>
> FYI, pam_ldap also has major shortcomings when it comes to handling these
> special cases (e.g. password expirations, etc).
>
> We are planning to begin work on our own module called pam_ad that will be
> designed specifically to integrate Kerberos and LDAP for the purpose of
> authenticating and handling accounting against Active Directory.
>
> -- Digant
>
> > -----Original Message-----
> > From: Jerome Walter [mailto:walter+SP at M.efrei.fr]
> > Sent: Thursday, May 01, 2003 4:04 PM
> > To: kerberos at MIT.EDU
> > Subject: Unify Unix and NT accounts with kerberos
> >
> >
> > Good evening everyone,
> >
> > I have been asked to study and implement a technology to
> > unify accounts and data between NT (2000), Unix (Solaris) and
> > GNU/Linux stations.
> >
> > For the moment, I think Kerberos would be the best (the only
> > one?) solution to have the same password between NT and
> > Unix, is it true?
> >
> > Am I wrong, or has anyone ever had problems trying to use
> > samba + Kerberos to get a domain for NT stations "compatible"
> > with GNU/Linux and Unix?
> >
> >
> > Could you please give me advice about the KDC to use, points to
> > be careful of or any other way to have these passwords synced
> > without authenticating Unix stations over the Windows domain.
> >
> > Best regards,
> >
> >
> > Jerome Walter
> >
> > --
> > -+-- Jérôme Walter - I2 EFREI ----+-
> > Equipe Système - Efrei Robotique - Jap'Efrei - Erasmus
> > Tutors "The World is my country" - "Nihon no tomodachi desu"
> > EFREI System and Networking guide http://perso.efrei.fr/~walter/
> > ________________________________________________
> > Kerberos mailing list Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
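The PAM convention described in the quoted message (password expiry reported from the accounting phase rather than the authentication phase), as an added example that is not code from the thread, from pam_krb5, or from the planned pam_ad. The PAM return codes carry the values Linux-PAM assigns them and the KDC error numbers are from RFC 4120; `fake_kdc`, `struct session`, the `model_*` functions and the user names are hypothetical stand-ins so the file builds without libpam or a KDC.

```c
#include <stdio.h>
#include <string.h>

/* PAM return codes, redefined with Linux-PAM's values so no libpam is needed. */
enum { PAM_SUCCESS = 0, PAM_AUTH_ERR = 7, PAM_NEW_AUTHTOK_REQD = 12 };
/* KDC error codes from RFC 4120. */
enum { KDC_OK = 0, KDC_ERR_KEY_EXPIRED = 23, KDC_ERR_PREAUTH_FAILED = 24 };

/* Hypothetical per-login state; a real module would keep it with pam_set_data(). */
struct session { int password_expired; };

/* Constructed stand-in for the AS exchange: the password is checked first,
 * so KEY_EXPIRED is only ever returned for a correct password. */
static int fake_kdc(const char *user, const char *pw) {
    if (strcmp(pw, "correct") != 0) return KDC_ERR_PREAUTH_FAILED;
    if (strcmp(user, "expired_user") == 0) return KDC_ERR_KEY_EXPIRED;
    return KDC_OK;
}

/* Auth phase: verify the password. Expiry is recorded, not treated as a failure. */
int model_authenticate(struct session *s, const char *user, const char *pw) {
    int rc = fake_kdc(user, pw);
    s->password_expired = (rc == KDC_ERR_KEY_EXPIRED);
    if (rc == KDC_OK || rc == KDC_ERR_KEY_EXPIRED) return PAM_SUCCESS;
    return PAM_AUTH_ERR; /* wrong password never reaches the account phase */
}

/* Account phase: this is where expiry is reported to the application. */
int model_acct_mgmt(const struct session *s) {
    return s->password_expired ? PAM_NEW_AUTHTOK_REQD : PAM_SUCCESS;
}

/* Application side: what a login program does with the two results. */
const char *login_outcome(const char *user, const char *pw) {
    struct session s;
    if (model_authenticate(&s, user, pw) != PAM_SUCCESS) return "denied";
    switch (model_acct_mgmt(&s)) {
    case PAM_SUCCESS:          return "session";
    case PAM_NEW_AUTHTOK_REQD: return "change-password"; /* app calls pam_chauthtok() */
    default:                   return "denied";
    }
}

int main(void) {
    printf("alice/correct        -> %s\n", login_outcome("alice", "correct"));
    printf("expired_user/correct -> %s\n", login_outcome("expired_user", "correct"));
    printf("expired_user/wrong   -> %s\n", login_outcome("expired_user", "wrong"));
    return 0;
}
```

A module that surfaces expiry only from the authentication phase gives the application a plain failure there, so the expired user is denied instead of being prompted for a new password.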