Looking for suggestion on authentication method for UNIX/Windows



Posted by Scrutinizer (Forum Staff), 04-21-2017
AD is essentially LDAP + Kerberos, so in itself there is nothing wrong with using AD, but it uses a proprietary schema. In order for it to be truly useful for Unix/Linux hosts, if you need anything more than just authentication, it would be best to import the rfc2307/rfc2307bis schema into AD. So AD can be used as LDAP for Unix/Linux hosts.

An alternative is to have two directories (AD and a separate LDAP) with some kind of sync mechanism...

Then there is the client side. With Single Sign-On, do you mean that you need to authenticate once and then use a ticket further on? Then you need to use (AD) Kerberos / GSSAPI. Some Linux clients can in addition also do SSO without GSSAPI through sssd (also against AD), but Solaris cannot. If by SSO you mean that the password is the same for all platforms, then an alternative would be to use TLS/LDAP on Unix/Linux clients.

It all really depends on your situation.

Last edited by Scrutinizer; 04-21-2017 at 02:58 AM..
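
The two Linux client-side options mentioned in the post, sketched as an sssd.conf. This is an added example, not part of Scrutinizer's post; the domain names, host names, search base and CA path are placeholders, and it assumes the POSIX (rfc2307) attributes are already populated in AD.

```ini
# /etc/sssd/sssd.conf (mode 0600, owner root)
# Added example: every name below is a placeholder.

[sssd]
services = nss, pam
# Enable exactly one of the two domains defined below.
domains = ad.example.com

# Option 1: AD as LDAP + Kerberos.
# Users authenticate once and receive a Kerberos ticket (SSO).
[domain/ad.example.com]
id_provider = ad
auth_provider = ad
access_provider = ad
ad_domain = ad.example.com
krb5_realm = AD.EXAMPLE.COM
# Read uidNumber/gidNumber from the directory (rfc2307 attributes
# in AD) instead of deriving IDs from the Windows SID.
ldap_id_mapping = False
cache_credentials = True

# Option 2: same password everywhere, no tickets.
# Identity and authentication come from a separate LDAP directory
# over TLS.
[domain/ldap.example.com]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap.example.com
ldap_search_base = dc=example,dc=com
ldap_schema = rfc2307bis
# Refuse the connection unless the server certificate validates;
# passwords travel inside this TLS session.
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/ssl/certs/example-ca.pem
cache_credentials = True
```

With `ldap_id_mapping = False`, accounts that lack `uidNumber`/`gidNumber` in AD are not visible on the host, so populate those attributes before switching it off.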