Looking for suggestion on authentication method for UNIX/Windows

Security





Scrutinizer (Forum Staff, Moderator), 5 Days Ago

AD is essentially LDAP + Kerberos, so in itself there is nothing wrong with using AD, but it uses a proprietary schema. In order for it to be truly useful for Unix/Linux hosts, if you need anything more than just authentication, it would be best to import the RFC 2307/RFC 2307bis schema into AD. So AD can be used as LDAP for Unix/Linux hosts.

An alternative is to have two directories (AD and a separate LDAP) with some kind of sync mechanism...

Then there is the client side. With Single Sign-On, do you mean that you need to authenticate once and then use a ticket further on? Then you need to use (AD) Kerberos / GSSAPI. Some Linux clients in addition can also do SSO without GSSAPI through sssd (also against AD), but Solaris cannot. If you mean with SSO that the password is the same for all platforms, then an alternative would be to use TLS/LDAP on Unix/Linux clients.

It all really depends on your situation...

Last edited by Scrutinizer; 5 Days Ago at 02:58 AM..