Solaris 9 authentication and access control into Active Directory
From: Ron Ogle (ogler_at_tce.com)
Date: Sun, 12 Sep 2004 16:10:47 -0500 To: firstname.lastname@example.org
Has anyone out there been very successful with completely integrating
Solaris 9 into Microsoft's Active Directory? This is what I'm hoping to do:
1. Use Kerberos on Solaris 9 via PAM to authenticate to AD using the
2. Use LDAP through NSS to get /etc/passwd and /etc/group type data from AD.
3. Use Solaris RBAC to group the Windows userids into roles that will
manage the systems.
4. Have a very difficult root password (hopefully using MD5) on the
local machine in case AD is not available. I will use this
authentication only as a last resort.
From what I've read the MIT version of Kerberos works better with AD,
but the Solaris SEAM version of Kerberos works better with Solaris.
From someone who's been there done that, MIT or SEAM?
I've read the Microsoft document on integrating Unix into Windows 2003.
They either have SFU or recommend purchasing VAS. I know that there
is also PAM SMB authentication, but I don't believe that I want to do that.