Looking for suggestion on authentication method for UNIX/Windows Post: 302996175

Sponsored Content

Special Forums Cybersecurity Looking for suggestion on authentication method for UNIX/Windows Post 302996175 by solaris_1977 on Thursday 20th of April 2017 09:19:35 PM

04-20-2017

Registered User

Looking for suggestion on authentication method for UNIX/Windows

Hello,

We have mid level infrastructure of all on-premises servers. All windows servers are getting authenticated by Microsoft Active Directory Services, half Unix (Solaris+Linux) servers are getting authentication by NIS and other half by LDAP.

We have plans to migrate from NIS to LDAP, so going forward it will all LDAP and Microsoft AD.
Recently we started looking into hosting our few servers on AWS and that made us looking into different prospective.

We are not going to build new/another AD on AWS, but we will use our on-primises directory services for authentication.
Will it be a good approch to integrate LDAP with AD, so that single sign-on can be achieved ?
Or most people will prefer to keep UNIX authentication by LDAP and Windows authentication by Microsoft AD ?
Should I consider any pros or cons with either of these solutions ?
As of now, we are planning to put dashboard application on AWS with two tomcat (web servers) servers, two DB servers. But going forward, this environment will grow with further migrations.

I understand that it is not break-fix question and it is more of consulting question. People who have knowlegde of similar kind of setup, can give me some idea.

I want suggestions from you guys, what can be best possible ways to achieve our goal. I can research in details, but I am looking for high level plan.

If this is not related to correct forum, please move it to appropriate place.

Regards

solaris_1977

View Public Profile for solaris_1977

Find all posts by solaris_1977

5 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Suggestion: Alternative OS for Windows - Totally Clueless on Unix/Linux OS

Can anyone tell me a good alternative to Windows? OS that can connect to a Windows domain and use for everyday (can use with Oracle). Easy to learn.

2. Windows & DOS: Issues & Discussions

Windows AD for Unix authentication

I am not an expert in Unix at all. My knowledge of Unix is average. We have a couple of Unix servers, Solaris and Linux, which run mostly web servers, and Oracle databases. Currently users have multiple user IDs for Unix and AD applications. Is it possible to make use of the Windows Active...

3. AIX

AIX: How to check which authentication method we are using for a user?

In /etc/security/user, we can set which authentication method we use for each user. for example: test: admin = false rlogin = false SYSTEM = "NONE" I want to test whether SYSTEM=NONE (without ") is acceptable. How can I verify it? and How can we check which...

4. Solaris

Identify which authentication method was used at logon

Experts, Is there any way to know which authentication method the user used to login into the box? I mean, is possible to identify if an active user had logged using keys or password for example? Let me clarify: we have a script that we want to allow users to execute only if they have used...

5. IP Networking

Cygwin remote ssh with key authentication method

Hi experts, I am not sure in which forum to submit this question. If this is not the correct place then please let me know where to submit this thread. My requirement is to invoke windows batch scripts from linux shell script. Hence, I have installed openssh in Cygwin on the windows machine....

LEARN ABOUT MOJAVE

nisauthconf

nisauthconf(1M) 					  System Administration Commands					   nisauthconf(1M)

NAME

       nisauthconf - configure NIS+ security

SYNOPSIS

       nisauthconf [-v] [mechanism,...]

DESCRIPTION

       nisauthconf  controls  which authentication flavors NIS+ should use when communicating with other NIS+ clients and servers.  If the command
       is not executed, then NIS+ will default to the AUTH_DES authentication flavor when running security level 2. See rpc.nisd(1M).

       nisauthconf takes a list of authentication mechanism's in order of preference.  An authentication mechanism may use one or more authentica-
       tion  flavors  listed  below.  If des is the only specified mechanism, then NIS+ only use AUTH_DES with other NIS+ clients and servers.	If
       des is the first mechanism, then other authentication mechanism's after des will be ignored  by	NIS+,  except  for  nisaddcred(1M).  After
       changing  the  mechanism  configuration, the keyserv(1M) daemon must be restarted. Note that doing so will remove encryption keys stored by
       the running keyserv process. This means that a reboot usually is the safest option when the mechanism configuration has been changed.

       The following mechanisms are available:

       +-----------------------------+-----------------------------+
       | Authentication mechanism    |	 Authentication Flavor	   |
       +-----------------------------+-----------------------------+
       |des			     |AUTH_DES			   |
       +-----------------------------+-----------------------------+
       |dh640-0 		     |RPCSEC_GSS  using   640-bit  |
       |			     |Diffie-Hellman keys	   |
       +-----------------------------+-----------------------------+
       |dh1024-0		     |RPCSEC_GSS  using  1024-bit  |
       |			     |Diffie-Hellman keys	   |
       +-----------------------------+-----------------------------+
       If no mechanisms are specified, then a list of currently configured mechanisms is printed.

OPTIONS

       -v	Displays a verbose table listing the currently configured authentication mechanisms.

EXAMPLES

       Example 1: Configuring a System with only RPCSEC_GSS Authentication Flavor

       To configure a system to use only the RPCSEC_GSS authentication flavor with 640-bit Diffie-Hellman keys, execute the following as root:

       example# /usr/lib/nis/nisauthconf dh640-0

       Example 2: Configuring a System with both RPCSEC_GSS and AUTH_DES Authentication Flavors

       To configure a system to use both RPCSEC_GSS (with 640-bit Diffie-Hellman keys) and AUTH_DES authentication flavors:

       example# /usr/lib/nis/nisauthconf dh640-0 des

       Example 3: Transitioning to Other Authentication Flavors

       The following example can be used while adding credentials for a new mechanism before NIS+ is authenticating with the new mechanism:

       example#  /usr/lib/nis/nisauthconf des dh640-0

       Note that except for nisaddcred(1M), NIS+ will not use mechanisms that follow 'des.'

EXIT STATUS

       The following exit values are returned:

       0	Successful completion.

       1	An error occurred.

FILES

       /etc/rpcsec/nisplussec.conf

	   NIS+ authentication configuration file. This file may change or be removed in future versions of Solaris.

ATTRIBUTES

       See attributes(5)  for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWnisu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       nis+(1), keyserv(1M), nisaddcred(1M), rpc.nisd(1M), attributes(5)

NOTES

       A NIS+ client of a server that is configured for either dh640-0 or dh1024-0 must run Solaris 7 or later, even if the server is also config-
       ured with des.

       NIS+  might  not  be  supported in future releases of the SolarisTM Operating Environment. Tools to aid the migration from NIS+ to LDAP are
       available in the Solaris 9 operating environment. For more information, visit http://www.sun.com/directory/nisplus/transition.html.

SunOS 5.10							    12 Dec 2001 						   nisauthconf(1M)