04-21-2017
AD is essentially LDAP + Kerberos, so in itself there is nothing wrong with using AD, but it uses a proprietary schema. In order for it to be truly useful for unix/linux hosts, if you need anything more than just authentication, it would be best to import the rfc2307/rfc2307bis schema into AD. So AD can be used as LDAP for Unix/Linux hosts.
An alternative is to have two directories (AD and a separate LDAP) with some kind of sync mechanism...
Then there is the client side. With Single Sign-on, do you mean that you need to authenticate once and then use a ticket further on? Then you need to use (AD) Kerberos / gssapi. Some Linux clients in addition can also do SSO without gssapi through sssd (also against AD), but Solaris cannot. If you mean with SSO that the password is the same for all platforms, then an alternative would be to use TLS/LDAP on Unix/Linux clients.
It all really depends on your situation.
Last edited by Scrutinizer; 04-21-2017 at 03:58 AM..
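An added example, not part of the post above: before pointing Unix/Linux clients at a directory for more than authentication, an LDIF export (for instance from ldapsearch) can be checked for entries that lack the numeric IDs rfc2307 relies on. The attribute names uidNumber and gidNumber come from RFC 2307's posixAccount class; the DNs and values are constructed.

```shell
#!/bin/sh
# Prints "DN<TAB>missing attributes" for each LDIF entry on stdin that lacks
# one of the required attributes (default: uidNumber gidNumber).
missing_posix_attrs() {
    awk -v req="${1:-uidNumber gidNumber}" '
    BEGIN { RS = ""; FS = "\n"; n = split(req, want, " ") }
    {
        dn = ""; split("", have)              # reset per entry
        for (i = 1; i <= NF; i++) {
            line = $i
            # LDIF folds long lines; a continuation starts with one space
            while (i < NF && substr($(i + 1), 1, 1) == " ") {
                i++; line = line substr($i, 2)
            }
            p = index(line, ":")
            if (line ~ /^#/ || p == 0) continue
            name = tolower(substr(line, 1, p - 1))   # names are case-insensitive
            if (name == "dn") { dn = substr(line, p + 1); sub(/^:? */, "", dn) }
            have[name] = 1
        }
        miss = ""
        for (k = 1; k <= n; k++) {
            key = tolower(want[k])
            if (!(key in have)) miss = miss (miss ? " " : "") want[k]
        }
        if (dn != "" && miss != "") printf "%s\t%s\n", dn, miss
    }'
}

# Constructed sample export; the third DN is folded across two lines.
sample_ldif() {
    cat <<'EOF'
dn: CN=Alice Example,OU=Staff,DC=example,DC=test
sAMAccountName: alice
uidNumber: 10001
gidNumber: 10000

dn: CN=Bob Example,OU=Staff,DC=example,DC=test
sAMAccountName: bob
uidnumber: 10002

dn: CN=Carol Example,OU=Very Long Organisational Unit Name,DC=exa
 mple,DC=test
sAMAccountName: carol
EOF
}

sample_ldif | missing_posix_attrs
```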
lusermod
lusermod(1) General Commands Manual lusermod(1)
NAME
lusermod - Modify a user
SYNOPSIS
lusermod [OPTION]... user
DESCRIPTION
Modifies the user with name user.
OPTIONS
-c, --gecos=gecos
Set user's GECOS field to gecos. The GECOS field is traditionally used to store user's real name and other information.
-d, --directory=directory
Set user's home directory to directory.
-g, --gid=gid
Change user's primary group ID to gid. If group with ID gid does not exist, a warning is printed, but the operation is performed anyway.
-i, --interactive
Ask all questions when connecting to the user database, even if default answers are set up in libuser configuration.
-L, --lock
Lock user's account. This prevents logging in using user's password.
-l, --login=name
Rename user to name.
-m, --movedirectory
After changing user's home directory (using the -d option), move the old home directory to the new location.
-P, --plainpassword=password
Set user's password to password. Note that the password can be viewed while running lusermod using tools such as ps(1).
-p, --password=encrypted
Set user's password to the password represented by the hash encrypted. Note that the hash can be viewed while running lusermod using tools such as ps(1).
-s, --shell=shell
Set user's login shell to shell.
-U, --unlock
Unlock user's account.
-u, --uid=uid
Change user's user ID to uid.
--commonname=name
Set user's common name to name. This attribute is only supported in some backends (e.g. LDAP), and its support may have further limitations (e.g. LDAP schema rules).
--givenname=name
Set user's given name to name. This attribute is only supported in some backends (e.g. LDAP), and its support may have further limitations (e.g. LDAP schema rules).
--homephone=phone
Set user's home telephone number to phone. This attribute is only supported in some backends (e.g. LDAP), and its support may have further limitations (e.g. LDAP schema rules).
--roomnumber=room
Set user's room number to room. This attribute is only supported in some backends (e.g. LDAP), and its support may have further limitations (e.g. LDAP schema rules).
--surname=name
Set user's surname to name. This attribute is only supported in some backends (e.g. LDAP), and its support may have further limitations (e.g. LDAP schema rules).
--telephonenumber=phone
Set user's telephone number to phone. This attribute is only supported in some backends (e.g. LDAP), and its support may have further limitations (e.g. LDAP schema rules).
EXIT STATUS
The exit status is 0 on success, nonzero on error.
libuser 2009-12-11 lusermod(1)
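
The ps(1) caveat on -P and -p, as an added example that is not part of the libuser man page: a shell function that scans process-listing lines for lusermod invocations carrying a password or hash in argv. The sample lines are constructed, and the set of short options treated as taking a value is read off the OPTIONS list above.

```shell
#!/bin/sh
# Reads "PID COMMAND ARGS..." lines on stdin and prints "PID OPTION" for
# every lusermod invocation that carries a password or hash in argv.
# Matching is heuristic: ps output has lost the original shell quoting.
find_exposed_lusermod() {
    awk '
    {
        k = 0
        for (i = 2; i <= NF; i++) {           # locate lusermod, also behind sudo
            b = $i; sub(/.*\//, "", b)
            if (b == "lusermod") { k = i; break }
        }
        if (!k) next
        for (i = k + 1; i <= NF; i++) {
            a = $i
            if (a == "--") break              # end of options
            if (a == "--plainpassword" || index(a, "--plainpassword=") == 1) {
                print $1, "--plainpassword"; break
            }
            if (a == "--password" || index(a, "--password=") == 1) {
                print $1, "--password"; break
            }
            if (a !~ /^-[^-]/) continue
            n = length(a)
            for (j = 2; j <= n; j++) {        # walk a cluster such as -mLp
                c = substr(a, j, 1)
                if (c == "P" || c == "p") { print $1, "-" c; i = NF; break }
                # -c -d -g -l -s -u take a value: skip it, it is not an option
                if (index("cdglsu", c) > 0) { if (j == n) i++; break }
            }
        }
    }'
}

# Constructed sample lines in the layout of `ps -eo pid=,args=`.
sample_ps() {
    cat <<'EOF'
 4121 lusermod -P Winter2017 alice
 4130 /usr/sbin/lusermod --password=$6$placeholderhash bob
 4135 lusermod -L carol
 4150 sudo lusermod -mLp $6$placeholderhash -d /home/e erin
 4160 lusermod -s /bin/bash -U frank
EOF
}

sample_ps | find_exposed_lusermod
```

On a live host the same function can be fed with `ps -eo pid=,args= | find_exposed_lusermod`.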