[geeks] single sign-on, centralized auth

Dave Kimmel crisco_kid at shaw.ca
Thu Jul 18 22:16:40 CDT 2002


On Thu, 18 Jul 2002, Kurt Huhn wrote:

> My first research project at $job fell into my lap while trying to get my VPN
> tunnel set up today.  What I've got to do is come up with a way to centralize
> the authentication.  I'm looking for something to centralize UIDs, GIDs, and
> work across Solaris, Windows, Linux, etc.
>
> Any ideas?  The only thing I've used before was RSA ACE/Server, and that costs
> $$$$...

Samba now has a thing called Winbind which might do this.  It integrates
into the resolver and PAM using shared libraries.  When someone logs on to
the unix box with a Windows username and password it allocates a unix uid
and creates a home directory.  The NT<->Unix uid mapping is automatically
built up over time as people log in.  This assumes that you want all of
the authentication and management to take place on the Windows side of
things.  I know it works for Linux and it probably works for Solaris too.

Of course, the other Samba alternative is to make Samba into a domain
controller, which moves the authentication and management over to the unix
side.  As for getting Solaris in there, you could use NIS or something and
all Samba would do is bridge whatever you use for the unixes over to
Windows.

-- Dave Kimmel
   crisco_kid at shaw.ca
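
Added example, not part of Dave Kimmel's message: a sketch of the three places Winbind is wired in on a Linux domain member (Samba, the name service switch, PAM). The domain name, id range and paths are constructed, the smb.conf syntax is that of current Samba rather than the 2002 release, and home directory creation is assumed to be handled by pam_mkhomedir.

```conf
# --- /etc/samba/smb.conf : join an existing Windows domain as a member ---
[global]
   # constructed domain name
   workgroup = EXAMPLE
   # passwords are checked by the domain controllers, not locally
   security = domain
   # domain users appear on the unix side as EXAMPLE+alice
   winbind separator = +
   # uid/gid are allocated from this range the first time a user or
   # group is looked up, and the mapping is stored in a local tdb file.
   # Each host builds its own table, so the same Windows account can
   # end up with different uids on different machines (relevant for NFS).
   idmap config * : backend = tdb
   idmap config * : range = 10000-19999
   # keep the range clear of local /etc/passwd uids
   template homedir = /home/%D/%U
   template shell = /bin/bash

# --- /etc/nsswitch.conf : let the resolver see domain users and groups ---
passwd: files winbind
group:  files winbind

# --- /etc/pam.d/<service> : authenticate logins through winbindd ---
auth     sufficient  pam_winbind.so
auth     required    pam_unix.so use_first_pass
account  sufficient  pam_winbind.so
account  required    pam_unix.so
# assumption: home directory is created on first login by pam_mkhomedir
session  required    pam_mkhomedir.so skel=/etc/skel umask=0077
```

After joining the domain and starting winbindd, `wbinfo -u` and `getent passwd` should both list the domain accounts; if only the first does, the nsswitch.conf step is the one that is missing.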


