Unify Unix and NT accounts with kerberos
Lawrence MacIntyre
lpz at ornl.gov
Tue May 27 13:34:02 EDT 2003
You obviously are in need of one of these...
On Mon, 2003-05-26 at 11:42, Kurpas Ban wrote:
> It's EASY
>
> http://www.sco.com/products/authentication
>
>
> digant at uta.edu (Digant Kasundra) wrote in message news:<BB48F73042D29D41A033A684D5FBB98405DCBA7F at exchange.uta.edu>...
> > At University of Texas at Arlington, we're still working on a similar task
> > to provide a single username and password to students on all 4 of our
> > platforms (Windows, Linux, Tru64, and Solaris).
> >
> > So far, we have done testing with Kerberos and LDAP to authenticate Unix
> > users against Active Directory. The results have been okay, but not
> > acceptable.
> >
> > Speaking of Kerberos specifically, we tested with Linux against Active
> > Directory and were able to authenticate users without a problem. But, for
> > instance, if the person's password had expired, the pam_krb5 module was
> > unable to recognize this during the accounting part (it would recognize it
> > during the authentication part but based on PAM standards, asking a user to
> > change their password should be done in the accounting part).
> >
> > But for the normal case where a user has an account on a Unix system and a
> > username and password stored in Active Directory (that isn't expired, or
> > locked, or anything else weird), pam_krb5 works like a charm to authenticate
> > the user using Kerberos v5.
> >
> > FYI, pam_ldap also has major short comings when it comes to handling these
> > special cases (e.g. password expirations, etc).
> >
> > We are planning to begin work on our own module called pam_ad that will be
> > designed specifically to integrate Kerberos and LDAP for the purpose of
> > authenticating and handling accounting against Active Directory.
> >
> > -- Digant
> >
> > > -----Original Message-----
> > > From: Jerome Walter [mailto:walter+SP at M.efrei.fr]
> > > Sent: Thursday, May 01, 2003 4:04 PM
> > > To: kerberos at MIT.EDU
> > > Subject: Unify Unix and NT accounts with kerberos
> > >
> > >
> > > Good evening everyone,
> > >
> > > I have been asked to study and implement a technology to
> > > unify accounts and data between NT (2000), Unix (Solaris) and
> > > GNU/Linux stations.
> > >
> > > For the moment, i think Kerberos would be the best (the only
> > > one ?) solution to have the same password between NT and
> > > Unix, is it true ?
> > >
> > > Am i wrong or anyone have ever had problems trying to use
> > > samba + Kerberos to get a domain for NT stations "compatible"
> > > with GNU/Linux and Unix ?
> > >
> > >
> > > Could you please give me advices about KDC to use, points to
> > > be careful of or any other way to have these passwords synced
> > > without authenticating Unix stations over the Windows domain.
> > >
> > > Best regards,
> > >
> > >
> > > Jerome Walter
> > >
> > > --
> > > -+-- Jérôme Walter - I2 EFREI ----+-
> > > Equipe Système - Efrei Robotique - Jap'Efrei - Erasmus
> > > Tutors "The World is my country" - "Nihon no tomodachi desu"
> > > EFREI System and Networking guide http://perso.efrei.fr/~walter/
> > > ________________________________________________
> > > Kerberos mailing list Kerberos at mit.edu
> > > https://mailman.mit.edu/mailman/listinfo/kerberos
> > >
> >
> > ________________________________________________
> > Kerberos mailing list Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
Lawrence MacIntyre <lpz at ornl.gov>
High Performance Information Infrastructure Technology Group
-------------- next part --------------
A non-text attachment was scrubbed...
Name: non-sco.png
Type: image/png
Size: 1358 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20030527/462b21a3/attachment.png
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20030527/462b21a3/attachment.bin
More information about the Kerberos
mailing list