I don't know how cooperative your AD staff are, but we were able to ask ours
for a service user to be added with a non-expiring password.  We then used
that service user with Sun's Identity Synchronization for Windows product to
sync with our own independent LDAP tree.  The ISW product is pretty old now,
but it still basically gets the job done (it doesn't need anything to be
installed on the Windows side).  We then use Kerberos for actual user
authentication, which also does not require anything at all to be done on
the Windows side.  However, I don't know if a traditional UNIX login scheme
would work for what you are trying to do.  I'd be interested to know what
solution you come up with since it sounds like something we might use here
too, if there is a good solution for sharing kiosks between users and
guests.

William Yang

> -----Original Message-----
> From: [email protected] [mailto:sunray-users-
> [email protected]] On Behalf Of CJ Keist
> Sent: Thursday, February 26, 2009 6:15 PM
> To: SunRay-Users mailing list
> Subject: Re: [SunRay-Users] User password info with AMGH
> 
> Bob,
>     Thanks for the reply.  This is the situation that has come down the
> pipes.  We have sun kiosk stations around campus set up as open with
> just a web browser running.  They now want to authenticate users before
> giving them a kiosk session.  This is to cut down the number of
> non-student types camping out at the kiosk stations.
>     The problem I have is all central user accounts here are stored in
> Windows AD.  The central IT folks will not touch AD.  So no NIS UNIX
> extensions, and no third party app to sync AD with UNIX LDAP server.  So
> only option I have is a web auth tool the central IT folks have for me
> to use. Hence why I was asking if AMGH could get password info.
>     Is there a way to evoke a AMGH style redirect to a DTU from say my
> own little Java app that could be run in the kiosk session?  My java app
> would prompt for the user name password and then I can use the web auth
> tools to authenticate and then redirect to a kiosk server if pass, or a
> more internet restricted kiosk server if not.
> 
> 
> 
> Bob Doolittle wrote:
> > CJ Keist wrote:
> >> Is it possible to get user password with AMGH?  Right now it looks
> >> like AMGH scripts get called when you have user name but no password
> >> info. Is there way to get user password info using AMGH?
> >
> > No. That seems like a very bad idea from a security POV. You might
> > almost as well use Kiosk mode, or disable passwords.
> >
> > -Bob
> >
> > _______________________________________________
> > SunRay-Users mailing list
> > [email protected]
> > http://www.filibeto.org/mailman/listinfo/sunray-users
> 
> --
> C. J. Keist                     Email: [email protected]
> UNIX/Network Manager            Phone: 970-491-0630
> Engineering Network Services    Fax:   970-491-5569
> College of Engineering, CSU
> Ft. Collins, CO 80523-1301
> 
> All I want is a chance to prove 'Money can't buy happiness'

_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users

Reply via email to