06-03-2017
1,484,
567
Join Date: Mar 2011
Last Activity: 28 November 2020, 9:34 AM EST
Posts: 1,484
Thanks Given: 68
Thanked 567 Times in 444 Posts
Windows AD has builtin in kerberos and LDAP
You can use that to authenticate users to linux machine via SSH (host key) or your web service (HTTP key), using web server (for instance apache mod_auth_kerb).
You will need to install kerberos libs and client package (names will depend on your distribution) on your linux box.
Process involves creating a user on AD, generating kerberos keytab on AD for that user, copying the keytab file to your linux server and configuring /etc/krb5.conf
This can be configured additionally with AD LDAP to avoid creating users on the machine, otherwise a user must be created.
Without password will work and user will not be able to set his password via passwd command if it is blanked.
Hope that helps
Regards
Peasant.