At 03:05 PM 11/22/2002 -0600, you wrote: >I have a question that has been bugging me for two years now. I know >Dustin has done some work in this area, but I am finding very little >info on the web. I would like to implement a single user authentication >scheme for Windows, Solaris and Linux. I am leaning towards LDAP, but >the implementation has to be secure and not use plain text passwords. I >think LDAP will do this using Kerberos or SSL.
First, keep in mind that Windows is a PAM-like system. You can replace GINA and integrate Windows into an NIS domain or whatever if you want. That requires a per-machine change though and your systems may not be fully supported by Microsoft at that point. Now, the question: Are you using an integrated system for your UNIX systems already? Would you like to integrate Windows into that? Or the other way around? What are you working with at this point? That would help. >Does anyone know of a book or web page that has information on how to do >this? Dustin, do you have any insight? Does the new version of Samba >do this? HELP! Samba comes with Winbind, which allows you to integrate any PAM-based UNIX system into a NT domain environment. You could also run a Samba PDC which relies on a LDAP directory that is in turn used to authenticate both UNIX and Windows users. I like Samba as a PDC, but you need to be careful when setting it up. There isn't native BDC support, so you have to mimic it with a homebrew solution. And no, there is no production code to integrate Samba into an AD environment at this time. But as 99% of AD environments are actually running in mixed-mode this is a non-issue so far. You can still fall-back on NT domain functionality in Samba. There are a few options out there. Do you have a budget for this? Hey, did you know that a Windows PDC can act as a NIS master? I believe this is supplied with Microsoft's UNIX toolkit. I haven't tried this yet though. --- Dustin Puryear <[EMAIL PROTECTED]> Puryear Information Technology Windows, UNIX, and IT Consulting http://www.puryear-it.com
