I don't know how cooperative your AD staff are, but we were able to ask ours for a service user to be added with a non-expiring password. We then used that service user with Sun's Identity Synchronization for Windows product to sync with our own independent LDAP tree. The ISW product is pretty old now, but it still basically gets the job done (it doesn't need anything to be installed on the Windows side). We then use Kerberos for actual user authentication, which also does not require anything at all to be done on the Windows side. However, I don't know if a traditional UNIX login scheme would work for what you are trying to do. I'd be interested to know what solution you come up with since it sounds like something we might use here too, if there is a good solution for sharing kiosks between users and guests.
William Yang > -----Original Message----- > From: [email protected] [mailto:sunray-users- > [email protected]] On Behalf Of CJ Keist > Sent: Thursday, February 26, 2009 6:15 PM > To: SunRay-Users mailing list > Subject: Re: [SunRay-Users] User password info with AMGH > > Bob, > Thanks for the reply. This is the situation that has come down the > pipes. We have sun kiosk stations around campus set up as open with > just a web browser running. They now want to authenticate users before > giving them a kiosk session. This is to cut down the number of > non-student types camping out at the kiosk stations. > The problem I have is all central user accounts here are stored in > Windows AD. The central IT folks will not touch AD. So no NIS UNIX > extensions, and no third party app to sync AD with UNIX LDAP server. So > only option I have is a web auth tool the central IT folks have for me > to use. Hence why I was asking if AMGH could get password info. > Is there a way to evoke a AMGH style redirect to a DTU from say my > own little Java app that could be run in the kiosk session? My java app > would prompt for the user name password and then I can use the web auth > tools to authenticate and then redirect to a kiosk server if pass, or a > more internet restricted kiosk server if not. > > > > Bob Doolittle wrote: > > CJ Keist wrote: > >> Is it possible to get user password with AMGH? Right now it looks > >> like AMGH scripts get called when you have user name but no password > >> info. Is there way to get user password info using AMGH? > > > > No. That seems like a very bad idea from a security POV. You might > > almost as well use Kiosk mode, or disable passwords. > > > > -Bob > > > > _______________________________________________ > > SunRay-Users mailing list > > [email protected] > > http://www.filibeto.org/mailman/listinfo/sunray-users > > -- > C. J. Keist Email: [email protected] > UNIX/Network Manager Phone: 970-491-0630 > Engineering Network Services Fax: 970-491-5569 > College of Engineering, CSU > Ft. Collins, CO 80523-1301 > > All I want is a chance to prove 'Money can't buy happiness' _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
