In a previous job, I’ve been able to configure users on our Solaris/Linux boxes to authenticate against AD via kerb without purchasing any additional products. First, you would need to configure the Kerberos client on the *nix box to talk to your AD domain. Then, depending on the service you want the users to authenticate to, i.e. ssh, samba, ftp, and as long as there’s a PAM module for the service, you configure the service to use the Kerberos client. That’s pretty much it in a nutshell. If you do a Google search for the words ‘configure kerberos pam active directory’, you’ll find a lot of documents on how to configure this setup.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick

The directions you reference on the sunone site make it look to me like it's an LDAP bind. Best way to know for sure would be to trace it on the network to see what is passed. If ldap bind, be sure to use some sort of encryption such as SSL.

I'm curious what the requirement here is? If just to allow solaris to authenticate via kerb with AD and allow AD users to login to solaris workstations, have you considered a product such as Centrify? www.centrify.com Far cry better and easier to implement.

I'm interested in hearing what the requirements are though. The docs you referenced indicate a configuration that would be a PITA to manage in terms of reliability and effort IMHO.

Al

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman

I know someone doing auth from Solaris 9 and 10 against AD via Kerberos in production. I don’t know how they are populating /etc/passwd but can find out. I’ve never used

~Eric

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long

Anyone know if this is passed in plain text? If so, I don't see any advantage to this versus the
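The trace Al Mulnick suggests, and the plain-text question it answers, can be checked with a small classifier like the one below. It is an added example, not code from the thread: it parses the first LDAP PDU of a captured payload and reports whether the bind is a simple bind (password sent as-is unless the connection is wrapped in SSL/TLS) or a SASL bind such as GSSAPI. The function names, the DN and the sample bytes are constructed for illustration.

```python
# Added example: classify the first LDAP PDU of a captured TCP payload (e.g. port 389).
def read_tlv(buf, pos):
    """Read one BER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = number of length octets
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not valid in LDAP")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(payload):
    """Return (bind_dn, auth_kind) for an LDAP BindRequest, else None."""
    try:
        tag, msg, _ = read_tlv(payload, 0)          # LDAPMessage ::= SEQUENCE
        if tag != 0x30:
            return None                             # e.g. 0x16 = TLS handshake record
        tag, _msg_id, p = read_tlv(msg, 0)          # messageID INTEGER
        if tag != 0x02:
            return None
        tag, op, _ = read_tlv(msg, p)               # protocolOp
        if tag != 0x60:                             # [APPLICATION 0] = BindRequest
            return None
        _, _version, p = read_tlv(op, 0)
        _, dn, p = read_tlv(op, p)
        tag, cred, _ = read_tlv(op, p)              # AuthenticationChoice
        if tag == 0x80:                             # [0] simple: password bytes as sent
            kind = "simple-cleartext" if cred else "simple-no-password"
        elif tag == 0xA3:                           # [3] SASL: mechanism name comes first
            kind = "sasl:" + read_tlv(cred, 0)[1].decode("ascii", "replace")
        else:
            kind = "unknown"
    except (ValueError, IndexError):
        return None
    return dn.decode("utf-8", "replace"), kind      # the password itself is never returned

def tlv(tag, value):                                # builder for the constructed samples
    return bytes([tag, len(value)]) + value

# Constructed sample payloads (not captured traffic); DN and password are made up.
SIMPLE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03")
             + tlv(0x04, b"cn=svc-solaris,dc=example,dc=com")
             + tlv(0x80, b"not-a-real-password")))
SASL = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x60, tlv(0x02, b"\x03")
           + tlv(0x04, b"") + tlv(0xA3, tlv(0x04, b"GSSAPI"))))
```

A payload that begins with a TLS record instead of an LDAP SEQUENCE returns `None`, which is what an SSL-protected bind looks like to this check.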
- RE: [ActiveDir] Solaris authentication Olegario, Alan
