
Looking for suggestion on authentication method for UNIX/Windows

#1  04-20-2017  solaris_1977

Hello,

We have a mid-level infrastructure of all on-premises servers. All Windows servers are authenticated by Microsoft Active Directory Services; half of the Unix (Solaris+Linux) servers are authenticated by NIS and the other half by LDAP.

We have plans to migrate from NIS to LDAP, so going forward it will all be LDAP and Microsoft AD.
Recently we started looking into hosting a few of our servers on AWS, and that made us look at this from a different perspective.

We are not going to build a new/another AD on AWS, but we will use our on-premises directory services for authentication.
Will it be a good approach to integrate LDAP with AD, so that single sign-on can be achieved?
Or will most people prefer to keep UNIX authentication by LDAP and Windows authentication by Microsoft AD?
Should I consider any pros or cons with either of these solutions?
As of now, we are planning to put a dashboard application on AWS with two Tomcat (web server) servers and two DB servers. But going forward, this environment will grow with further migrations.

I understand that it is not a break-fix question and is more of a consulting question. People who have knowledge of a similar kind of setup can give me some idea.

I want suggestions from you guys on what the best possible ways to achieve our goal can be. I can research in detail, but I am looking for a high-level plan.

If this is not the correct forum, please move it to the appropriate place.

Regards
#2  04-21-2017  Scrutinizer (Moderator)
AD is essentially LDAP + Kerberos, so in itself there is nothing wrong with using AD, but it uses a proprietary schema. In order for it to be truly useful for Unix/Linux hosts, if you need anything more than just authentication, it would be best to import the rfc2307/rfc2307bis schema into AD, so that AD can be used as LDAP for Unix/Linux hosts.

An alternative is to have two directories (AD and a separate LDAP) with some kind of sync mechanism...

Then there is the client side. By Single Sign-On, do you mean that you need to authenticate once and then use a ticket from then on? Then you need to use (AD) Kerberos / GSSAPI. Some Linux clients can, in addition, also do SSO without GSSAPI through sssd (also against AD), but Solaris cannot. If by SSO you mean that the password is the same for all platforms, then an alternative would be to use TLS/LDAP on Unix/Linux clients.

It all really depends on your situation.

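Added example, not part of the original posts: a pre-migration audit for the option described above of serving Unix/Linux hosts from rfc2307 attributes held in AD. It parses an LDIF export and reports accounts that lack POSIX attributes, plus any uidNumber shared by more than one account, which would give two users the same Unix identity. The attribute names, sample entries and function names are assumptions for illustration.

```python
import base64
from collections import defaultdict

# POSIX attributes checked here; names as AD's rfc2307 attributes (assumption).
REQUIRED = ("uidNumber", "gidNumber", "unixHomeDirectory")
# Constructed sample shaped like `ldapsearch -LLL` output (not real data).
SAMPLE_LDIF = """\
dn: CN=alice,OU=Staff,DC=example,DC=test
uidNumber: 10001
gidNumber: 10000
unixHomeDirectory: /home/alice

dn: CN=bob,OU=Staff,
 DC=example,DC=test
uidNumber: 10001
gidNumber: 10000
unixHomeDirectory:: L2hvbWUvYm9i

dn: CN=carol,OU=Staff,DC=example,DC=test
gidNumber: 10000
"""

def parse_ldif(text):
    """Parse LDIF into [{attr: [values]}], handling folded lines and base64."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # unfold, then split
        entry = defaultdict(list)
        for line in block.splitlines():
            if ":" not in line or line.startswith("#"):
                continue
            attr, _, rest = line.partition(":")
            is_b64 = rest.startswith(":")  # "attr:: <base64 value>"
            value = base64.b64decode(rest[1:]).decode() if is_b64 else rest.strip()
            entry[attr].append(value)
        if entry:
            entries.append(dict(entry))
    return entries

def audit(entries):
    """Return ({dn: missing attrs}, {uidNumber: [dns sharing that uid]})."""
    missing, by_uid = {}, defaultdict(list)
    for e in entries:
        name = e["dn"][0]
        gaps = [a for a in REQUIRED if a not in e]
        if gaps:
            missing[name] = gaps
        for uid in e.get("uidNumber", []):
            by_uid[uid].append(name)
    return missing, {u: n for u, n in by_uid.items() if len(n) > 1}
```

Calling `audit(parse_ldif(SAMPLE_LDIF))` flags carol as missing `uidNumber` and `unixHomeDirectory`, and alice and bob as sharing uidNumber 10001.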
#3  04-23-2017  solaris_1977
Thanks. It gives me a starting point to research our feasible options. Thanks