>[EMAIL PROTECTED] wrote:
>>
>> Hello
>>
>> I am wanting to be able to change the password of an NT account and have
>> that information get updated to my Solaris server or be able to do it
>> the opposite direction ( Solaris updates Nt).
>>
>> Is there a way to change NT accounts and passwords from the command
>> line?
>>
Lots of good suggestions so far. I'll add a few others and
some background. THe main problem you are likely to run into
is that NT and Unix (solaris, linux, etc) both use a 1 way
hash to store the password. This is good. The problem is
that the one way hash, besides being irreversible, is completely
incompatible between the two. [ Even Linux has several
different implementations of one way hash: standard DES,
MD5, bigpass, etc ]
So, what do you do?
1) Provide a front end program (e.g. web based) that allows
users to change passwords via secure means (https), and then
generate the one way hashes on the fly and store them in
the relevant tables.
2) Have one of the systems use the mechanisms of the other.
Most of the messages I've seen so far focus on #2. Frankly,
I think it's the easier mechanism of the two.
previously mentioned solutions:
PAM on Solaris to authenticate to NT
LDAP (however, this doesn't really solve the problem because
you still need to store both hashes in LDAP which means
either 2 separate LDAP trees or one weirdly integrated one
with two encrypted password fields and other misc required
fields)
commercial off the shelf stuff (Tivoli, etc)
Others: NISgina - a pluggable mechanism into NT
that allows you to authenticate via NIS (not sure about
current status of this)
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
