We are doing the same thing here. Although it is just using SFU on the DCs and having them replicate password changes to the NIS server. SFU fills our error logs on the DC, but it works fine. I have not, however, seen the *nix Kerberos to AD password synch work before.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Olegario, Alan
Sent: Tuesday, May 03, 2005 7:52 AM
To: [email protected]
Subject: RE: [ActiveDir] Solaris authentication

In a previous job, I’ve been able to configure users on our Solaris/Linux boxes to authenticate against AD via kerb without purchasing any additional products. First, you would need to configure the Kerberos client on the *nix box to talk to your AD domain. Then, depending on the service you want the users to authenticate to, i.e. ssh, samba, ftp, and as long as there’s a PAM module for the service, you configure the service to use the Kerberos client. That’s pretty much it in a nutshell. If you do a Google search for the words ‘configure kerberos pam active directory’, you’ll find a lot of documents on how to configure this setup.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick

The directions you reference on the sunone site make it look to me like it's an LDAP bind. Best way to know for sure would be to trace it on the network to see what is passed. If LDAP bind, be sure to use some sort of encryption such as SSL.

I'm curious what the requirement here is? If just to allow Solaris to authenticate via kerb with AD and allow AD users to login to Solaris workstations, have you considered a product such as Centrify? www.centrify.com Far cry better and easier to implement.

I'm interested in hearing what the requirements are though. The docs you referenced indicate a configuration that would be a PITA to manage in terms of reliability and effort IMHO.

Al

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman

I know someone doing auth from Solaris 9 and 10 against AD via Kerberos in production. I don’t know how they are populating /etc/passwd but can find out. I’ve never used

~Eric

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long

Anyone know if this is passed in plain text? If so, I don't see any advantage to this versus the
RE: [ActiveDir] Solaris authentication
Bahta Nathaniel V Contr NASIC/SCNA Tue, 03 May 2005 06:47:36 -0700
