Right and to take it a step further, we're not just talking about AIX integration in AD here--we are also talking about DB2 integration. Most databases provide their own security model, separate from the OS. If its SQL Server, you have the option to have AD provide auth. Each of the other major database platforms typically provide their own, table-based mechanism for authentication and authorization. In the case of DB2, I know we (Quest/Vintela) had to do some extra work, as Jackson mentioned, to provide the AD support.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 16, 2006 6:14 AM To: [email protected] Subject: RE: [ActiveDir] Access DB2 on AIX with AD credentials Agreed, kerberos integration can be a pain. With W2K MS made it seem a lot easier than it actually is due to its deep integration and the fact that admins and users don't really have to think anything about it. The story isn't the same on other platforms in the slightest. Things are usually doable, it is just a matter of how much time/money are people willing to invest to make it work. It is usally far easier/better to look at the packages from the folks who have taken the time to work this out. That being Vintela (now Quest) and Centrify. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Thursday, March 16, 2006 8:57 AM To: [email protected] Subject: RE: [ActiveDir] Access DB2 on AIX with AD credentials In theory, but it is not as easy as, "its supports Kerberos so it supports AD auth.". Would be nice though :) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko Sent: Thursday, March 16, 2006 12:16 AM To: [email protected] Subject: Re: [ActiveDir] Access DB2 on AIX with AD credentials Darren Mar-Elia wrote: > RACF is a mainframe security package, so unless AIX is running on a > partition on Z-series hardware, my guess is it uses good old Unix > security. OS, so if it supports Kerberos it would be good approach as joe said. -- Tomasz Onyszko http://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ - (EN) List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
