Looking for suggestion on authentication method for UNIX/Windows
Post 302996179 by Scrutinizer on Friday 21st of April 2017 02:50:41 AM
AD is essentially LDAP + Kerberos, so in itself there is nothing wrong with using AD, but it uses a proprietary schema. In order for it to be truly useful for Unix/Linux hosts, if you need anything more than just authentication, it would be best to import the rfc2307/rfc2307bis schema into AD. So AD can be used as LDAP for Unix/Linux hosts.

An alternative is to have two directories (AD and a separate LDAP) with some kind of sync mechanism...

Then there is the client side. With Single Sign-on, do you mean that you need to authenticate once and then use a ticket further on? Then you need to use (AD) Kerberos / GSSAPI. Some Linux clients in addition can also do SSO without GSSAPI through sssd (also against AD), but Solaris cannot. If you mean with SSO that the password is the same for all platforms, then an alternative would be to use TLS/LDAP on Unix/Linux clients.

It all really depends on your situation.

Last edited by Scrutinizer; 04-21-2017 at 03:58 AM..
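
The two client-side options described in the post above, written out as an sssd configuration for a Linux host. This is an added example, not part of Scrutinizer's post; the domain and realm names, the LDAP host, the search base and the CA bundle path are placeholders, and option A assumes the host is already joined to the AD domain and the rfc2307 attributes are populated.

```ini
# /etc/sssd/sssd.conf (constructed example; all names and paths are placeholders)
[sssd]
services = nss, pam
# Enable exactly one of the two domain sections below.
domains = example.com

# Option A: AD used as LDAP + Kerberos. Login goes through AD Kerberos,
# so the user ends up with a ticket that GSSAPI-aware services can reuse.
[domain/example.com]
id_provider = ad
auth_provider = ad
access_provider = ad
ad_domain = example.com
krb5_realm = EXAMPLE.COM
# Use the rfc2307 attributes stored in AD (uidNumber, gidNumber, loginShell,
# unixHomeDirectory) instead of deriving UIDs/GIDs from the Windows SID.
ldap_id_mapping = False
cache_credentials = True

# Option B: separate LDAP directory over TLS. Same password on every
# platform, but no ticket: each service authenticates the user again.
[domain/ldap.example.com]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap.example.com
ldap_search_base = dc=example,dc=com
ldap_schema = rfc2307bis
# Refuse to send a password unless the server certificate validates.
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
```

With option B the password crosses the network on every bind, so `ldap_tls_reqcert = demand` is the setting to verify first; relaxing it to `never` or `allow` lets a host impersonating the directory collect credentials.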
lusermod(1)                  General Commands Manual                  lusermod(1)

NAME
       lusermod - Modify an user

SYNOPSIS
       lusermod [OPTION]... user

DESCRIPTION
       Modifies the user with name user.

OPTIONS
       -c, --gecos=gecos
              Set user's GECOS field to gecos. The GECOS field is traditionally used to store user's real name and other information.

       -d, --directory=directory
              Set user's home directory to directory.

       -g, --gid=gid
              Change user's primary group ID to gid. If group with ID gid does not exist, a warning is printed, but the operation is performed anyway.

       -i, --interactive
              Ask all questions when connecting to the user database, even if default answers are set up in libuser configuration.

       -L, --lock
              Lock user's account. This prevents logging in using user's password.

       -l, --login=name
              Rename user to name.

       -m, --movedirectory
              After changing user's home directory (using the -d option), move the old home directory to the new location.

       -P, --plainpassword=password
              Set user's password to password. Note that the password can be viewed while running lusermod using tools such as ps(1).

       -p, --password=encrypted
              Set user's password to the password represented by the hash encrypted. Note that the hash can be viewed while running lusermod using tools such as ps(1).

       -s, --shell=shell
              Set user's login shell to shell.

       -U, --unlock
              Unlock user's account.

       -u, --uid=uid
              Change user's user ID to uid.

       --commonname=name
              Set user's common name to name. This attribute is only supported in some backends (e.g. LDAP), and its support may have further limitations (e.g. LDAP schema rules).

       --givenname=name
              Set user's given name to name. This attribute is only supported in some backends (e.g. LDAP), and its support may have further limitations (e.g. LDAP schema rules).

       --homephone=phone
              Set user's home telephone number to phone. This attribute is only supported in some backends (e.g. LDAP), and its support may have further limitations (e.g. LDAP schema rules).

       --roomnumber=room
              Set user's room number to room. This attribute is only supported in some backends (e.g. LDAP), and its support may have further limitations (e.g. LDAP schema rules).

       --surname=name
              Set user's surname to name. This attribute is only supported in some backends (e.g. LDAP), and its support may have further limitations (e.g. LDAP schema rules).

       --telephonenumber=phone
              Set user's telephone number to phone. This attribute is only supported in some backends (e.g. LDAP), and its support may have further limitations (e.g. LDAP schema rules).

EXIT STATUS
       The exit status is 0 on success, nonzero on error.

libuser                            2009-12-11                         lusermod(1)