I think I agree with Joe and others here that them trying to configure cross-platform Kerberos is not going to be an option for them. I've asked Darren offline for contacts for Quest... Sorry Jackson, just saw that you have a Quest address too :)
Thanks everyone for your input! Rich ----------------------------------------------------------------------- Rich Milburn MCSE, Microsoft MVP - Directory Services Sr Network Analyst, Field Platform Development Applebee's International, Inc. 4551 W. 107th St Overland Park, KS 66207 913-967-2819 ---------------------------------------------------------------------- "I love the smell of red herrings in the morning" - anonymous -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Thursday, March 16, 2006 8:25 AM To: [email protected] Subject: RE: [ActiveDir] Access DB2 on AIX with AD credentials Right and to take it a step further, we're not just talking about AIX integration in AD here--we are also talking about DB2 integration. Most databases provide their own security model, separate from the OS. If its SQL Server, you have the option to have AD provide auth. Each of the other major database platforms typically provide their own, table-based mechanism for authentication and authorization. In the case of DB2, I know we (Quest/Vintela) had to do some extra work, as Jackson mentioned, to provide the AD support. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 16, 2006 6:14 AM To: [email protected] Subject: RE: [ActiveDir] Access DB2 on AIX with AD credentials Agreed, kerberos integration can be a pain. With W2K MS made it seem a lot easier than it actually is due to its deep integration and the fact that admins and users don't really have to think anything about it. The story isn't the same on other platforms in the slightest. Things are usually doable, it is just a matter of how much time/money are people willing to invest to make it work. It is usally far easier/better to look at the packages from the folks who have taken the time to work this out. That being Vintela (now Quest) and Centrify. joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Mar-Elia Sent: Thursday, March 16, 2006 8:57 AM To: [email protected] Subject: RE: [ActiveDir] Access DB2 on AIX with AD credentials In theory, but it is not as easy as, "its supports Kerberos so it supports AD auth.". Would be nice though :) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko Sent: Thursday, March 16, 2006 12:16 AM To: [email protected] Subject: Re: [ActiveDir] Access DB2 on AIX with AD credentials Darren Mar-Elia wrote: > RACF is a mainframe security package, so unless AIX is running on a > partition on Z-series hardware, my guess is it uses good old Unix > security. OS, so if it supports Kerberos it would be good approach as joe said. -- Tomasz Onyszko http://www.w2k.pl/blog/ - (PL) http://blogs.dirteam.com/blogs/tomek/ - (EN) List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
