Re: Hardening NIS+
From: Charles Clancy (security@xauth.net)
Date: 08/22/02
- Previous message: Darren Moffat: "Re: Solstice Security Manager"
- In reply to: Reg Quinton: "Re: Hardening NIS+"
- Next in thread: Roy S. Rapoport: "Re: Hardening NIS+"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 21 Aug 2002 19:24:27 -0500 (CDT)
From: Charles Clancy <security@xauth.net>
To: Reg Quinton <reggers@ist.uwaterloo.ca>

> > IMHO, the best combination for ease of administration and security is to
> > use Kerberos with NIS+.
>
> I am curious .... Has anyone configured a Solaris machine to use Kerberos
> authentication against a Microsoft Active Directory?
>
> If I'm so lucky to find someone who has done so... what's required?
There have been many threads on the OpenAFS mailing lists about making AFS
and ADS play together via k5 authentication, and several people have
reported their successes. Without the AFS integration, things are much
easier -- all you should have to do is configure your /etc/krb5/krb5.conf
under Solaris. In theory, you could then use ADS LDAP for NSS info, and
have complete ADS authentication under Solaris. (I'm not aware of anyone
who's done that part too.) Additionally, setting up cross-realm trusts
between MIT krb5 servers and MS ADS servers is possible.
Check out Microsoft's Kerberos Interoperability Guide:
http://www.microsoft.com/windows2000/techinfo/howitworks/security/kerbint.asp
and Kerberos Authentication white paper:
http://www.microsoft.com/windows2000/techinfo/howitworks/security/kerberos.asp
[ t charles clancy ]--[ tclancy@uiuc.edu ]--[ www.uiuc.edu/~tclancy ]
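
A minimal /etc/krb5/krb5.conf for the setup the message above describes, added here as an example; it is not part of the original post or of the Microsoft guides it links. The realm AD.EXAMPLE.COM and the host dc1.ad.example.com are placeholders, and the file assumes an Active Directory domain controller acting as the KDC for a realm named after the uppercase DNS domain.

```ini
# /etc/krb5/krb5.conf (added example; all names below are placeholders)
# Comments must sit on their own lines: text after a value is read as
# part of the value.

[libdefaults]
    # An Active Directory realm is the DNS domain name in upper case.
    default_realm = AD.EXAMPLE.COM

[realms]
    AD.EXAMPLE.COM = {
        # Each domain controller is a KDC; list more than one "kdc" line
        # so authentication survives the loss of a single controller.
        kdc = dc1.ad.example.com
        admin_server = dc1.ad.example.com
    }

[domain_realm]
    # Map hosts in the DNS domain to the realm so service tickets are
    # requested from the right KDC.
    .ad.example.com = AD.EXAMPLE.COM
    ad.example.com = AD.EXAMPLE.COM

# Checks before relying on this for logins:
#  - Keep the Solaris clock synchronised with the domain controllers;
#    Kerberos rejects requests outside the allowed skew (5 minutes by
#    default).
#  - Forward and reverse DNS for the client and the controllers must be
#    consistent.
#  - Encryption types are left at defaults here; client and KDC must have
#    at least one type in common.
#  - Verify with "kinit user@AD.EXAMPLE.COM" followed by "klist" before
#    changing PAM or name-service configuration.
```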