RE: [ActiveDir] AD and LDAP and single sign on for UNIX

Tue, 17 Dec 2002 10:55:19 -0800 

Using SFU is probably the most clear path to integration.  However that
tool allows Unix machines to authenticate against AD, not necessarily the
other way around I think.  The PDF that was posted is good reading.  It
indicates that LDAP is NOT an authentication protocol.  They chose to build
a system, which has good design but requires C++ programming and it is not
future proof.

There are password synching tools and metadirectories but these still
require separate login processes for each directory.

I have wrestled with the concept myself and a clear victory was not
achieved.

One difficulty is in getting servers and clients to honor the same
token/credential set after login.  So the user does not have to log in
again and again.  Kerberos was hoped to be that mechanism  (at least
between NT and UNIX) but the MS implementation is somewhat proprietary.
There is a way to make it work.  But it was not worth the effort for our
use.




                                                                                       
                                               
                      Roger Seielstad                                                  
                                               
                      <roger.seielstad@inovis        To:       
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>        
                      .com>                          cc:                               
                                               
                      Sent by:                       Subject:  RE: [ActiveDir] AD and 
LDAP and single sign on for UNIX                
                      [EMAIL PROTECTED]                                          
                                               
                      tivedir.org                                                      
                                               
                                                                                       
                                               
                                                                                       
                                               
                      12/17/2002 06:56 AM                                              
                                               
                      Please respond to                                                
                                               
                      ActiveDir                                                        
                                               
                                                                                       
                                               
                                                                                       
                                               




As with many things, it depends. Between things like Services for Unix
(from
MS) and some competitors, there are password sync capabilities.

There is a Technet article on getting Solaris (version 8) to authenticate
via Kerberos against AD.

------------------------------------------------------
Roger D. Seielstad - MCSE
Sr. Systems Administrator
Inovis - Formerly Harbinger and Extricity
Atlanta, GA


> -----Original Message-----
> From: Byrne, Steve [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 16, 2002 9:51 PM
> To: '[EMAIL PROTECTED]'
> Subject: [ActiveDir] AD and LDAP and single sign on for UNIX
>
>
> Is it possible to get our users to authenticate to our UNIX
> boxes using their AD account? I was hoping I could use LDAP
>
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/





List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Reply via email to