Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Authentication and Authorization from Separate Domains
Top Forums UNIX for Advanced & Expert Users Authentication and Authorization from Separate Domains Post 302800229 by Wolvendeer on Monday 29th of April 2013 08:09:22 AM
Old 04-29-2013
Sun [Solved] Authentication and Authorization from Separate Domains
The company I work for is trying to implement Sudoers.LDAP to centralize their sudoers infrastructure so the access management team and compliance teams don't have to run ragged over all of our servers. The AD team decided it would be better to set up a separate LDAP server rather than put a new schema in our main AD domain, so we got an OpenLDAP server set up and ready to go for the project. Now, however, I'm being told by the Unix guys that it's not possible to have the user authentication pointing to one domain and the Sudoers authorization pointing to another domain and that we have to go back and have the schema put into the main domain.

Could one of you guys clarify on whether it is possible to point to one domain for authentication (user logins to the server) and a second for authorization (sudoers access)?
Last edited by Wolvendeer; 04-30-2013 at 09:43 AM..
 

8 More Discussions You Might Find Interesting

1. OS X (Apple)

root/admin authorization and PackageMaker

I am building an installable package (.pkg) with PackageMaker 1.1.11 (that's the one that comes with Panther). The package is for installing things both to /Applications and to some folders in /Library (/Library/StartupItems and a new folder that I'm putting in /Library). I do (obviously) not... (4 Replies)
Discussion started by: ropers
4 Replies

2. UNIX for Advanced & Expert Users

shh authorization problem

I have ssh setup on 2 boxes ( aix / linux ). building a batchjob i have made a plaintext key. I force the command in the authorized_keys file running from aix -> linux ssh -i ~/.ssh/batchkey user@remote works perfect but from linux -> aix it get the following debug1:... (1 Reply)
Discussion started by: progressdll
1 Replies

3. Linux

Assigning Authorization to a user

Hi, I created a user, however, l want this user to be able to configure some services in REd Hat 8.0 such changing of Network address which is exclusive to root super user. Unlike in Openserver or Unixware were you can assign authorization and privileges to user. I have not being able to figure... (5 Replies)
Discussion started by: kayode
5 Replies

4. Programming

C NTLM Authorization via HTTP

Greetings, I am writing a C socket application that needs NTLM authorization before it can post HTTP requests, and I am having trouble with NTLM authorization messages. :b: I've found the following urls extremely valuable for creating message functions: Davenport WebDAV-SMB Gateway... (1 Reply)
Discussion started by: edvin
1 Replies

5. UNIX for Advanced & Expert Users

LDAP Authentication AND Authorization

I see a lot of thread on LDAP Authentication but I want to enable LDAP Authentication with Authorization. Meaning, removing the user ID's and groups from the local servers and move them to an LDAP server. When a user logs in (via LDAP) they will be given their group memberships and access to the... (3 Replies)
Discussion started by: scottsl
3 Replies

6. Red Hat

PAM configuration: Kerberos authentication and NIS authorization problem

Hi, I've configured two linux boxes to authenticate against Windows Active Directory using Kerberos while retrieving authorization data (uids, gids ,,,)from NIS. The problem I ran into with my PAM configuration is that all authentication attempts succeed in order.i.e. if someone tried his... (0 Replies)
Discussion started by: geek.ksa
0 Replies

7. BSD

problems with authorization via `xauth'

Dear all, I've got problems with X server authentication using `xauth'. The problem is, that I have my local computer running NetBSD 5.1 and a remote computer in LAN which is running Debian GNU Linux. During the login to my NetBSD computer `xdm' generates a magic cookie for my DISPLAY. Then I... (2 Replies)
Discussion started by: sidorenko
2 Replies

8. Web Development

Two separate domains - and files

Hi, I've been asked to 'troubleshoot' a webserver where two different TLDs are being served. Or to be more accurate, 'domain.com' and 'domain.fr'. So we have /var/www/domain.com /var/www/domain.fr And then for some reason, the httpd.conf file points to two different configuration files.... (1 Reply)
Discussion started by: davidm123SED
1 Replies

LEARN ABOUT DEBIAN

authen::simple::activedirectory

Authen::Simple::ActiveDirectory(3pm)			User Contributed Perl Documentation		      Authen::Simple::ActiveDirectory(3pm)

NAME

       Authen::Simple::ActiveDirectory - Simple ActiveDirectory authentication

SYNOPSIS

	   use Authen::Simple::ActiveDirectory;

	   my $ad = Authen::Simple::ActiveDirectory->new(
	       host	 => 'ad.company.com',
	       principal => 'company.com'
	   );

	   if ( $ad->authenticate( $username, $password ) ) {
	       # successfull authentication
	   }

	   # or as a mod_perl Authen handler

	   PerlModule Authen::Simple::Apache
	   PerlModule Authen::Simple::ActiveDirectory

	   PerlSetVar AuthenSimpleActiveDirectory_host	    "ad.company.com"
	   PerlSetVar AuthenSimpleActiveDirectory_principal "company.com"

	   <Location /protected>
	     PerlAuthenHandler Authen::Simple::ActiveDirectory
	     AuthType	       Basic
	     AuthName	       "Protected Area"
	     Require	       valid-user
	   </Location>

DESCRIPTION

       Authenticate against Active Directory.

       This implementation differs from Authen::Simple::LDAP in way that it will try to bind directly as the users principial.

METHODS

       o   new

	   This method takes a hash of parameters.  The following options are valid:

	   o	   host

		   Connection host, can be a hostname, IP number or a URI. Defaults to "localhost".

		       host => ldap.company.com
		       host => 10.0.0.1
		       host => ldap://ldap.company.com:389
		       host => ldaps://ldap.company.com

	   o	   port

		   Connection port, default to 389. May be overridden by host if host is a URI.

		       port => 389

	   o	   timeout

		   Connection timeout, defaults to 60.

		       timeout => 60

	   o	   principal

		   The suffix in users principal, usally the domain or forrest. Required.

		       principal => 'company.com'

	   o	   log

		   Any object that supports "debug", "info", "error" and "warn".

		       log => Log::Log4perl->get_logger('Authen::Simple::ActiveDirectory')

       o   authenticate( $username, $password )

	   Returns true on success and false on failure.

SEE ALSO

       Authen::Simple::LDAP.

       Authen::Simple.

       Net::LDAP.

AUTHOR

       Christian Hansen "chansen@cpan.org"

COPYRIGHT

       This program is free software, you can redistribute it and/or modify it under the same terms as Perl itself.

perl v5.14.2							    2012-04-23				      Authen::Simple::ActiveDirectory(3pm)
All times are GMT -4. The time now is 10:11 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy