Sponsored Content
Top Forums UNIX for Advanced & Expert Users Windows AD users authenticate to Linux Post 302998547 by Vit0_Corleone on Saturday 3rd of June 2017 12:39:29 PM
Old 06-03-2017
Windows AD users authenticate to Linux

Hello folks, Please advise me what is the best way to authenticate Windows AD users against Linux machines.

Currently I am going to take a look of Vintela Authentication Services and please let me know if you have experience with VIntela.
Thanks in advance
 

7 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

UNIX help for Windows users?

Is there any sort of documentation that translates windows commands into linux commands? ...just the basic stuff that you would do on your win PC translated to linux? For example in windows to configure your network card you would... Settings > Control Panel > Network Connections > Local... (3 Replies)
Discussion started by: TINO
3 Replies

2. AIX

Authenticate AIX users from MS Active Directory

First, let me start off saying this is not spam. This is me trying to help out other AIX Admins with MS AD servers. If it is not applicable to you, someone else will find it useful. As long as the "KDC" service is running on your AD server, these steps should work. There should be no... (3 Replies)
Discussion started by: kah00na
3 Replies

3. Linux

Using squid_db_auth to authenticate squid users against SQLite

Hi guys, Can we use squid_db_auth to authenticate squid users against SQLite database? I googled but all configurations are in MySQL. (0 Replies)
Discussion started by: majid.merkava
0 Replies

4. IP Networking

Linux Client To Authenticate using TACACS

I have customer who controls access to the internet via TACACS server, basically a PIX firewall uses authentication from the TACACS to say if traffic is allowed to pass out of the gateway. I can't find anything on how to configure a linux client of TACACS authentication only how to set up a linux... (1 Reply)
Discussion started by: metallica1973
1 Replies

5. Proxy Server

Solaris 11.1 login authenticate with windows active directory

Hi, is that possible to login to solaris 11.1 authenticate with windows active directory? the user id is created in the windows active directory. Environment: Solaris 11.1 Windows 2012 Active Directory (3 Replies)
Discussion started by: freshmeat
3 Replies

6. AIX

AIX LDAP client authenticate against Linux Openldap server over TLS/SSL

Hi folks, How can i configure an AIX LDAP client to authenticate against an Linux Openldap server over TLS/SSL? It works like a charm without TLS/SSL. i would like to have SSL encrypted communication for ldap (secldapclntd) and ldapsearch etc. while accepting every kind of certificate/CA.... (6 Replies)
Discussion started by: paco699
6 Replies

7. UNIX for Beginners Questions & Answers

Seen Windows pc, having all the features of Linux, could exe, read and edit save like windows

Hi, totally new to linux base using windows when started learning and using computers. but i remember that one pc was there , look alike windows desktop, but could not do the task as windows just click and open and view edit etc. But, you could do a little differently even saving in and opening... (8 Replies)
Discussion started by: jraju
8 Replies
Catalyst::Authentication::Credential::Remote(3pm)	User Contributed Perl Documentation	 Catalyst::Authentication::Credential::Remote(3pm)

NAME
Catalyst::Authentication::Credential::Remote - Let the webserver (e.g. Apache) authenticate Catalyst application users SYNOPSIS
# in your MyApp.pm __PACKAGE__->config( 'Plugin::Authentication' => { default_realm => 'remoterealm', realms => { remoterealm => { credential => { class => 'Remote', allow_regexp => '^(user.*|admin|guest)$', deny_regexp => 'test', }, store => { class => 'Null', # if you want to have some additional user attributes # like user roles, user full name etc. you can specify # here the store where you keep this data } }, }, }, ); # in your Controller/Root.pm you can implement "auto-login" in this way sub begin : Private { my ( $self, $c ) = @_; unless ($c->user_exists) { # authenticate() for this module does not need any user info # as the username is taken from $c->req->remote_user and # password is not needed unless ($c->authenticate( {} )) { # return 403 forbidden or kick out the user in other way }; } } # or you can implement in any controller an ordinary login action like this sub login : Global { my ( $self, $c ) = @_; $c->authenticate( {} ); } DESCRIPTION
This module allows you to authenticate the users of your Catalyst application on underlaying webserver. The complete list of authentication method available via this module depends just on what your webserver (e.g. Apache, IIS, Lighttpd) is able to handle. Besides the common methods like HTTP Basic and Digest authentication you can also use sophisticated ones like so called "integrated authentication" via NTLM or Kerberos (popular in corporate intranet applications running in Windows Active Directory environment) or even the SSL authentication when users authenticate themself using their client SSL certificates. The main idea of this module is based on a fact that webserver passes the name of authenticated user into Catalyst application as REMOTE_USER variable (or in case of SSL client authentication in other variables like SSL_CLIENT_S_DN on Apache + mod_ssl) - from this point referenced as WEBUSER. This module simply takes this value - perfoms some optional checks (see below) - and if everything is OK the WEBUSER is declared as authenticated on Catalyst level. In fact this module does not perform any check for password or other credential; it simply believes the webserver that user was properly authenticated. CONFIG
class This config item is REQUIRED. class is part of the core Catalyst::Plugin::Authentication module, it contains the class name of the store to be used. The classname used for Credential. This is part of Catalyst::Plugin::Authentication and is the method by which Catalyst::Authentication::Credential::Remote is loaded as the credential validator. For this module to be used, this must be set to 'Remote'. source This config item is OPTIONAL - default is REMOTE_USER. source contains a name of a variable passed from webserver that contains the user identification. Supported values: REMOTE_USER, SSL_CLIENT_*, CERT_*, AUTH_USER BEWARE: Support for using different variables than REMOTE_USER does not work properly with Catalyst 5.8004 and before (if you want details see source code). Note1: Apache + mod_ssl uses SSL_CLIENT_S_DN, SSL_CLIENT_S_DN_* etc. (has to be enabled by 'SSLOption +StdEnvVars') or you can also let Apache make a copy of this value into REMOTE_USER (Apache option 'SSLUserName SSL_CLIENT_S_DN'). Note2: Microsoft IIS uses CERT_SUBJECT, CERT_SERIALNUMBER etc. for storing info about client authenticated via SSL certificate. AUTH_USER on IIS seems to have the same value as REMOTE_USER (but there might be some differences I am not aware of). deny_regexp This config item is OPTIONAL - no default value. deny_regexp contains a regular expression used for check against WEBUSER (see details below) allow_regexp This config item is OPTIONAL - no default value. deny_regexp contains a regular expression used for check against WEBUSER. Allow/deny checking of WEBUSER values goes in this way: 1) If deny_regexp is defined and WEBUSER matches deny_regexp then authentication FAILS otherwise continues with next step. If deny_regexp is not defined or is an empty string we skip this step. 2) If allow_regexp is defined and WEBUSER matches allow_regexp then authentication PASSES otherwise FAILS. If allow_regexp is not defined or is an empty string we skip this step. The order deny-allow is fixed. cutname_regexp This config item is OPTIONAL - no default value. If param cutname_regexp is specified we try to cut the final usename passed to Catalyst application as a substring from WEBUSER. This is useful for example in case of SSL authentication when WEBUSER looks like this 'CN=john, OU=Unit Name, O=Company, C=CZ' - from this format we can simply cut pure usename by cutname_regexp set to 'CN=(.*), OU=Unit Name, O=Company, C=CZ'. Substring is always taken as '$1' regexp substring. If WEBUSER does not match cutname_regexp at all or if '$1' regexp substring is empty we pass the original WEBUSER value (without cutting) to Catalyst application. username_field This config item is OPTIONAL - default is username The key name in the authinfo hash that the user's username is mapped into. This is useful for using a store which requires a specific unusual field name for the username. The username is additionally mapped onto the id key. METHODS
new ( $config, $app, $realm ) Instantiate a new Catalyst::Authentication::Credential::Remote object using the configuration hash provided in $config. In case of invalid value of any configuration parameter (e.g. invalid regular expression) throws an exception. authenticate ( $realm, $authinfo ) Takes the username form WEBUSER set by webserver, performs additional checks using optional allow_regexp/deny_regexp configuration params, optionaly takes substring from WEBUSER and the sets the resulting value as a Catalyst username. COMPATIBILITY
It is strongly recommended to use this module with Catalyst 5.80005 and above as previous versions have some bugs related to $c->engine->env and do not support $c->req->remote_user. This module tries some workarounds when it detects an older version and should work as well. perl v5.14.2 2012-04-14 Catalyst::Authentication::Credential::Remote(3pm)
All times are GMT -4. The time now is 06:52 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy