Unify Unix and NT accounts with kerberos

Kurpas Ban kurpasban at yahoo.com
Mon May 26 11:42:14 EDT 2003


It's EASY

http://www.sco.com/products/authentication


digant at uta.edu (Digant Kasundra) wrote in message news:<BB48F73042D29D41A033A684D5FBB98405DCBA7F at exchange.uta.edu>...
> At University of Texas at Arlington, we're still working on a similar task
> to provide a single username and password to students on all 4 of our
> platforms (Windows, Linux, Tru64, and Solaris).
> 
> So far, we have done testing with Kerberos and LDAP to authenticate Unix
> users against Active Directory.  The results have been okay, but not
> acceptable.  
> 
> Speaking of Kerberos specifically, we tested with Linux against Active
> Directory and were able to authenticate users without a problem.  But, for
> instance, if the person's password had expired, the pam_krb5 module was
> unable to recognize this during the accounting part (it would recognize it
> during the authentication part but based on PAM standards, asking a user to
> change their password should be done in the accounting part).
> 
> But for the normal case where a user has an account on a Unix system and a
> username and password stored in Active Directory (that isn't expired, or
> locked, or anything else weird), pam_krb5 works like a charm to authenticate
> the user using Kerberos v5.
> 
> FYI, pam_ldap also has major shortcomings when it comes to handling these
> special cases (e.g. password expirations, etc).
> 
> We are planning to begin work on our own module called pam_ad that will be
> designed specifically to integrate Kerberos and LDAP for the purpose of
> authenticating and handling accounting against Active Directory.
> 
> -- Digant
> 
> > -----Original Message-----
> > From: Jerome Walter [mailto:walter+SP at M.efrei.fr] 
> > Sent: Thursday, May 01, 2003 4:04 PM
> > To: kerberos at MIT.EDU
> > Subject: Unify Unix and NT accounts with kerberos
> > 
> > 
> > Good evening everyone,
> > 
> > I have been asked to study and implement a technology to 
> > unify accounts and data between NT (2000), Unix (Solaris) and 
> > GNU/Linux stations.
> > 
> > For the moment, I think Kerberos would be the best (the only 
> > one?) solution to have the same password between NT and 
> > Unix, is it true?
> > 
> > Am I wrong, or has anyone ever had problems trying to use 
> > samba + Kerberos to get a domain for NT stations "compatible" 
> > with GNU/Linux and Unix ?
> > 
> > 
> > Could you please give me advice about the KDC to use, points to 
> > be careful of or any other way to have these passwords synced 
> > without authenticating Unix stations over the Windows domain.
> > 
> > Best regards,
> > 
> > 
> > Jerome Walter
> > 
> > -- 
> > -+--   Jérôme Walter - 	I2 EFREI		          ----+-
> >  Equipe Système - Efrei Robotique - Jap'Efrei - Erasmus 
> > Tutors  "The World is my country" - "Nihon no tomodachi desu" 
> > EFREI System and Networking guide http://perso.efrei.fr/~walter/  
> > ________________________________________________
> > Kerberos mailing list           Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> > 
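The quoted message turns on PAM's account phase being the place where expired or locked passwords are supposed to be handled. As an added example (not code from the thread or from any of the modules it names), this checker reads a PAM service file and reports when pam_krb5 or pam_ldap is used for authentication but never appears in the account stack. The sample file and the function names are constructed for illustration; the check covers configuration only, not how a module behaves once it is called.

```python
import re

# Constructed sample /etc/pam.d service file (not taken from the thread).
SAMPLE = """\
# login service, constructed for illustration
auth      sufficient               pam_krb5.so
auth      required                 pam_unix.so try_first_pass
account   [default=bad success=ok] pam_unix.so
password  sufficient               pam_krb5.so use_authtok
-session  optional                 /lib/security/pam_krb5.so
"""

# type, control (plain word or bracketed [value=action ...]), module path
RULE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_stacks(text):
    """Map each PAM type to the ordered module names configured for it."""
    stacks = {"auth": [], "account": [], "password": [], "session": []}
    # Join backslash-continued lines before splitting.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        m = RULE.match(line)
        if not m or m.group(2) in ("include", "substack"):
            continue                          # included files are not followed
        name = m.group(3).rsplit("/", 1)[-1]  # strip any directory prefix
        stacks[m.group(1)].append(name[:-3] if name.endswith(".so") else name)
    return stacks

def missing_account_phase(text, modules=("pam_krb5", "pam_ldap")):
    """Modules that authenticate users but never run in the account stack."""
    s = parse_stacks(text)
    return [m for m in modules if m in s["auth"] and m not in s["account"]]

if __name__ == "__main__":
    for mod in missing_account_phase(SAMPLE):
        print(f"{mod}: in auth stack but not in account stack")
```

Files pulled in through `include` or `substack` have to be checked separately, since the parser does not follow them.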

