[olug] RE: Topic for next meeting

Bob McCoy bob at mccoy.net
Thu Aug 28 19:51:52 UTC 2003


If there's enough interest, I'd be willing to give my presentation from
the CERT Conference.  It's about using Kerberos and LDAP for
cross-platform authentication.

Here are some of the things you may want to weigh:
- This is not a "roll your own" or free solution.  It's based on Vintela
Authentication Service (VAS) <http://www.center7.com/us/products/vas/>.
Check out the reviewer's guide for a quick overview.
- It uses Active Directory as its credential store.
- It currently supports Linux and Solaris.
- It only takes about 15 minutes to get the whole thing up and running
-- AD schema extended, agent installed on the UNIX box, UNIX box joined
to the domain, AD user attributes updated as necessary, AD user logged
into UNIX box (all that with the AD user never having logged into the
UNIX box before, created its home directory on the fly, and no reboots).
- It makes very efficient use of PAM and NSSwitch.

However, if it must be an Open Source solution, or you find the use of
AD as your credential store untenable, then this is not the solution for
you.

By the way, one of the principals involved in VAS is John Terpstra.  He
is a member of the Open Group and has been a major contributor to Samba
over the years.

Let me know.  Bob.


-----Original Message-----
From: olug-bounces at olug.org [mailto:olug-bounces at olug.org] On Behalf Of
Jay Hannah
Sent: Thursday, August 28, 2003 1:56 PM
To: Omaha Linux User Group
Subject: Re: [olug] RE: Topic for next meeting



We, too, remain interested in enterprise-wide authentication. Based on
conversations I've had, LDAP comes closest, but doesn't stop Windoze
users from changing their password on their local Windoze box, an update
which fails to flow to LDAP, making things out of sync again. (That's
2nd hand info. I've never played w/ Windoze authenticating w/ LDAP.)

In a nutshell, enterprise authentication* remains a mystery to me and I'd
love to see some light shed on it.

* One solution for Linux + AIX + Solaris + Windoze 98/NT/2000/XP

j


On 28 Aug 2003, Ryan O'Rourke wrote:
> On Thu, 2003-08-28 at 13:05, Daniel Pfile wrote:
>
> > Sure, it's sort of simple, if you know your way around LDAP, but how
> > many people do?
>
> I'm curious about this because I'm currently working on expunging the 
> Windows NT domain authentication model in place on my network and 
> replacing it with a Linux / OpenSource solution. If very few people 
> understand LDAP, what are they using for "domain wide" authentication?
> I thought LDAP was pretty much the only way in Linux.
>
> -- Ryan
